Closed
Bug 652875
Opened 13 years ago
Closed 10 years ago
Copying of an addon results in broken Session Cookie if action done just after login
Categories
(addons.mozilla.org Graveyard :: Add-on Builder, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
Q2 2012
People
(Reporter: ashah, Assigned: zalun)
References
Details
Attachments
(1 file)
|
612.54 KB,
image/png
|
Details |
Screenshot showing CSRF failure during copy
Currently, we can only create a single copy of an add-on. But, this behavior should be duplicated and users should be allowed to create multiple copies of an add-on.
|
Assignee | |
Updated•13 years ago
|
Priority: -- → P3
Target Milestone: --- → Builder 0.9.4
|
|
Assignee | |
Updated•13 years ago
|
Assignee: nobody → zaloon
|
||
Updated•13 years ago
|
Target Milestone: Builder 0.9.4 → Builder 0.9.5
|
|
Assignee | |
Comment 1•13 years ago
|
||
https://github.com/zalun/FlightDeck/commit/035c76ef4c31c191c230adda93f52b66d52baeba
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 2•13 years ago
|
||
Name convention change https://github.com/zalun/FlightDeck/commit/8b413e2fbc97af857729737ac76925019b5a420b
|
||
Comment 3•13 years ago
|
||
Reopening; failing due to CSRF check 403'ing: [11:02:04.835] GET https://builder-addons.allizom.org/module/1377/ [HTTP/1.1 200 OK 53ms] [11:02:05.004] GET https://builder-addons.allizom.org/addon/1000219/latest/worker-javascript.js [HTTP/1.1 304 NOT MODIFIED 398ms] [11:02:06.280] GET https://builder-addons.allizom.org/get_latest_revision_number/1000219/ [HTTP/1.1 200 OK 18ms] [11:02:06.354] POST https://builder-addons.allizom.org/addon/copy/1000219/revision/96/ [HTTP/1.1 403 FORBIDDEN 3029ms]
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 4•13 years ago
|
||
|
|
Assignee | |
Comment 5•13 years ago
|
||
Looks like it works for me - is this fixed already?
|
|
||
Comment 6•13 years ago
|
||
(In reply to comment #5) > Looks like it works for me - is this fixed already? No, can still reproduce; are you testing in prod, or staging?
|
|
Assignee | |
Comment 7•13 years ago
|
||
I checked in prod and trunk (as your screenshot was from trunk)
|
||
Comment 8•13 years ago
|
||
I am unable to reproduce as well. Anything else that might be different?
|
|
||
Comment 9•13 years ago
|
||
(In reply to comment #8) > I am unable to reproduce as well. Anything else that might be different? Sorry, not that I can think of; here's a screencast showing the issue from start to finish: http://screencast.com/t/yQB2WPUZoNGf
|
|
Assignee | |
Comment 10•13 years ago
|
||
I am able to reproduce now - one has to start logged out
|
|
Assignee | |
Comment 11•13 years ago
|
||
Looks like the csrftoken is wrong. It is reset when creating another Package. From that moment one may copy any add-on
|
|
Assignee | |
Comment 12•13 years ago
|
||
The reproduce steps from screencast don't always work. After I came through the process of changing the csrftoken in cookies, I was able to replicate the steps without reproducing the bug
|
|
Assignee | |
Updated•13 years ago
|
Summary: Allow users to create copy of a copy of an add-on → Copying of an addon results in broken Session Cookie if started as anonymous
|
|
Assignee | |
Updated•13 years ago
|
Target Milestone: Builder 0.9.5 → Builder 0.9.10
|
||
Updated•13 years ago
|
Target Milestone: Builder 0.9.10 → Builder 0.9.11
|
|
||
Updated•13 years ago
|
Target Milestone: Builder 0.9.11 → Builder 1.0
|
|
Assignee | |
Comment 14•13 years ago
|
||
I will code in a workaround - do not display [Copy] link if not logged in
|
|
Assignee | |
Comment 15•13 years ago
|
||
In review https://github.com/zalun/FlightDeck/commit/cb1a58b7eb13309e33d8f0fc3b8ca6292c3340a4
Status: REOPENED → ASSIGNED
|
|
Assignee | |
Comment 17•13 years ago
|
||
Marking as fixed, browserId should solve this issue and anonymous copying will become possible again
Status: ASSIGNED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
|
||
Comment 18•13 years ago
|
||
Copy can't be done if not logged in now so the workflow is no longer valid. Will need to re-test for this bug if we re-enable anonymous copying
Status: RESOLVED → VERIFIED
|
|
Assignee | |
Comment 20•13 years ago
|
||
Alexandre Poirot (:ochameau) 2011-10-28 05:22:04 PDT commented in bug 665950: There is still an issue with "Copy" feature. If always fails if you have never create an addon while you signed in! Steps to reproduce: Logout Sign in open any existing addon click on Copy --> CSRF error popup Now if you create an addon, then open an addon. Copy is going to work :o
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Updated•13 years ago
|
Summary: Copying of an addon results in broken Session Cookie if started as anonymous → Copying of an addon results in broken Session Cookie if action done just after login
|
|
Assignee | |
Updated•12 years ago
|
Target Milestone: Builder 1.0 → Q2 2012
|
|
||
Comment 21•10 years ago
|
||
the add-on builder project has been retired. More info at https://blog.mozilla.org/addons/2013/12/18/add-on-builder/
Status: REOPENED → RESOLVED
Closed: 13 years ago → 10 years ago
Resolution: --- → WONTFIX
|
||
Updated•10 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•