Copying of an addon results in broken Session Cookie if action done just after login

RESOLVED WONTFIX

Status

addons.mozilla.org Graveyard
Add-on Builder
P3
normal
RESOLVED WONTFIX
7 years ago
3 years ago

People

(Reporter: ashah, Assigned: zalun)

Tracking

unspecified
Q2 2012
x86
Mac OS X

Details

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
Currently, we can only create a single copy of an add-on. But, this behavior should be duplicated and users should be allowed to create multiple copies of an add-on.
(Assignee)

Updated

7 years ago
Priority: -- → P3
Target Milestone: --- → Builder 0.9.4
(Assignee)

Updated

7 years ago
Assignee: nobody → zaloon
Target Milestone: Builder 0.9.4 → Builder 0.9.5
(Assignee)

Comment 1

7 years ago
https://github.com/zalun/FlightDeck/commit/035c76ef4c31c191c230adda93f52b66d52baeba
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Reopening; failing due to CSRF check 403'ing:

[11:02:04.835] GET https://builder-addons.allizom.org/module/1377/ [HTTP/1.1 200 OK 53ms]
[11:02:05.004] GET https://builder-addons.allizom.org/addon/1000219/latest/worker-javascript.js [HTTP/1.1 304 NOT MODIFIED 398ms]
[11:02:06.280] GET https://builder-addons.allizom.org/get_latest_revision_number/1000219/ [HTTP/1.1 200 OK 18ms]
[11:02:06.354] POST https://builder-addons.allizom.org/addon/copy/1000219/revision/96/ [HTTP/1.1 403 FORBIDDEN 3029ms]
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Created attachment 533017 [details]
Screenshot showing CSRF failure during copy
(Assignee)

Comment 5

7 years ago
Looks like it works for me - is this fixed already?
(In reply to comment #5)
> Looks like it works for me - is this fixed already?

No, can still reproduce; are you testing in prod, or staging?
(Assignee)

Comment 7

7 years ago
I checked in prod and trunk (as your screenshot was from trunk)
I am unable to reproduce as well. Anything else that might be different?
(In reply to comment #8)
> I am unable to reproduce as well. Anything else that might be different?

Sorry, not that I can think of; here's a screencast showing the issue from start to finish: http://screencast.com/t/yQB2WPUZoNGf
(Assignee)

Comment 10

7 years ago
I am able to reproduce now - one has to start logged out
(Assignee)

Comment 11

7 years ago
Looks like the csrftoken is wrong. 
It is reset when creating another Package.
From that moment one may copy any add-on
(Assignee)

Comment 12

7 years ago
The reproduce steps from screencast don't always work. After I came through the process of changing the csrftoken in cookies, I was able to replicate the steps without reproducing the bug
(Assignee)

Updated

7 years ago
Summary: Allow users to create copy of a copy of an add-on → Copying of an addon results in broken Session Cookie if started as anonymous
(Assignee)

Updated

7 years ago
Duplicate of this bug: 664205
(Assignee)

Updated

7 years ago
Target Milestone: Builder 0.9.5 → Builder 0.9.10

Updated

7 years ago
Target Milestone: Builder 0.9.10 → Builder 0.9.11

Updated

6 years ago
Target Milestone: Builder 0.9.11 → Builder 1.0
(Assignee)

Comment 14

6 years ago
I will code in a workaround - do not display [Copy] link if not logged in
(Assignee)

Updated

6 years ago
Duplicate of this bug: 665950
(Assignee)

Comment 17

6 years ago
Marking as fixed, browserId should solve this issue and anonymous copying will become possible again
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago6 years ago
Resolution: --- → FIXED

Comment 18

6 years ago
Copy can't be done if not logged in now so the workflow is no longer valid.

Will need to re-test for this bug if we re-enable anonymous copying
Status: RESOLVED → VERIFIED
(Assignee)

Updated

6 years ago
Duplicate of this bug: 665950
(Assignee)

Comment 20

6 years ago
Alexandre Poirot (:ochameau) 2011-10-28 05:22:04 PDT
commented in bug 665950:

There is still an issue with "Copy" feature.
If always fails if you have never create an addon while you signed in!

Steps to reproduce:
 Logout
 Sign in
 open any existing addon
 click on Copy
 --> CSRF error popup
 
 Now if you create an addon, then open an addon. Copy is going to work :o
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
(Assignee)

Updated

6 years ago
Summary: Copying of an addon results in broken Session Cookie if started as anonymous → Copying of an addon results in broken Session Cookie if action done just after login
(Assignee)

Updated

6 years ago
Target Milestone: Builder 1.0 → Q2 2012
the add-on builder project has been retired.  More info at https://blog.mozilla.org/addons/2013/12/18/add-on-builder/
Status: REOPENED → RESOLVED
Last Resolved: 6 years ago3 years ago
Resolution: --- → WONTFIX
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.