Closed
Bug 652875
Opened 14 years ago
Closed 11 years ago
Copying of an addon results in broken Session Cookie if action done just after login
Categories
(addons.mozilla.org Graveyard :: Add-on Builder, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
Q2 2012
People
(Reporter: ashah, Assigned: zalun)
References
Details
Attachments
(1 file)
|
612.54 KB,
image/png
|
Details |
Screenshot showing CSRF failure during copy
Currently, we can only create a single copy of an add-on. But, this behavior should be duplicated and users should be allowed to create multiple copies of an add-on.
|
Assignee | |
Updated•14 years ago
|
Priority: -- → P3
Target Milestone: --- → Builder 0.9.4
|
|
Assignee | |
Updated•14 years ago
|
Assignee: nobody → zaloon
|
||
Updated•14 years ago
|
Target Milestone: Builder 0.9.4 → Builder 0.9.5
|
|
Assignee | |
Comment 1•14 years ago
|
||
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 2•14 years ago
|
||
Name convention change
https://github.com/zalun/FlightDeck/commit/8b413e2fbc97af857729737ac76925019b5a420b
|
||
Comment 3•14 years ago
|
||
Reopening; failing due to CSRF check 403'ing:
[11:02:04.835] GET https://builder-addons.allizom.org/module/1377/ [HTTP/1.1 200 OK 53ms]
[11:02:05.004] GET https://builder-addons.allizom.org/addon/1000219/latest/worker-javascript.js [HTTP/1.1 304 NOT MODIFIED 398ms]
[11:02:06.280] GET https://builder-addons.allizom.org/get_latest_revision_number/1000219/ [HTTP/1.1 200 OK 18ms]
[11:02:06.354] POST https://builder-addons.allizom.org/addon/copy/1000219/revision/96/ [HTTP/1.1 403 FORBIDDEN 3029ms]
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 4•14 years ago
|
||
|
|
Assignee | |
Comment 5•14 years ago
|
||
Looks like it works for me - is this fixed already?
|
|
||
Comment 6•14 years ago
|
||
(In reply to comment #5)
> Looks like it works for me - is this fixed already?
No, can still reproduce; are you testing in prod, or staging?
|
|
Assignee | |
Comment 7•14 years ago
|
||
I checked in prod and trunk (as your screenshot was from trunk)
|
||
Comment 8•14 years ago
|
||
I am unable to reproduce as well. Anything else that might be different?
|
|
||
Comment 9•14 years ago
|
||
(In reply to comment #8)
> I am unable to reproduce as well. Anything else that might be different?
Sorry, not that I can think of; here's a screencast showing the issue from start to finish: http://screencast.com/t/yQB2WPUZoNGf
|
|
Assignee | |
Comment 10•14 years ago
|
||
I am able to reproduce now - one has to start logged out
|
|
Assignee | |
Comment 11•14 years ago
|
||
Looks like the csrftoken is wrong.
It is reset when creating another Package.
From that moment one may copy any add-on
|
|
Assignee | |
Comment 12•14 years ago
|
||
The reproduce steps from screencast don't always work. After I came through the process of changing the csrftoken in cookies, I was able to replicate the steps without reproducing the bug
|
|
Assignee | |
Updated•14 years ago
|
Summary: Allow users to create copy of a copy of an add-on → Copying of an addon results in broken Session Cookie if started as anonymous
|
|
Assignee | |
Updated•14 years ago
|
Target Milestone: Builder 0.9.5 → Builder 0.9.10
|
||
Updated•14 years ago
|
Target Milestone: Builder 0.9.10 → Builder 0.9.11
|
|
||
Updated•14 years ago
|
Target Milestone: Builder 0.9.11 → Builder 1.0
|
|
Assignee | |
Comment 14•14 years ago
|
||
I will code in a workaround - do not display [Copy] link if not logged in
|
|
Assignee | |
Comment 15•14 years ago
|
||
Status: REOPENED → ASSIGNED
|
|
Assignee | |
Comment 17•14 years ago
|
||
Marking as fixed, browserId should solve this issue and anonymous copying will become possible again
Status: ASSIGNED → RESOLVED
Closed: 14 years ago → 14 years ago
Resolution: --- → FIXED
|
||
Comment 18•14 years ago
|
||
Copy can't be done if not logged in now so the workflow is no longer valid.
Will need to re-test for this bug if we re-enable anonymous copying
Status: RESOLVED → VERIFIED
|
|
Assignee | |
Comment 20•14 years ago
|
||
Alexandre Poirot (:ochameau) 2011-10-28 05:22:04 PDT
commented in bug 665950:
There is still an issue with "Copy" feature.
If always fails if you have never create an addon while you signed in!
Steps to reproduce:
Logout
Sign in
open any existing addon
click on Copy
--> CSRF error popup
Now if you create an addon, then open an addon. Copy is going to work :o
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Updated•14 years ago
|
Summary: Copying of an addon results in broken Session Cookie if started as anonymous → Copying of an addon results in broken Session Cookie if action done just after login
|
|
Assignee | |
Updated•13 years ago
|
Target Milestone: Builder 1.0 → Q2 2012
|
|
||
Comment 21•11 years ago
|
||
the add-on builder project has been retired. More info at https://blog.mozilla.org/addons/2013/12/18/add-on-builder/
Status: REOPENED → RESOLVED
Closed: 14 years ago → 11 years ago
Resolution: --- → WONTFIX
|
||
Updated•11 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•