Closed Bug 665950 Opened 14 years ago Closed 14 years ago

Copy fails with CSRF error

Categories

(addons.mozilla.org Graveyard :: Add-on Builder, defect, P1)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 652875
Builder 1.0

People

(Reporter: andy+bugzilla, Assigned: zalun)

Details

Clicking on copy in builder generates a 403 error, CSRF verification failed. http://screencast.com/t/zyvT0TYZAV
Target Milestone: --- → Builder 0.9.7
Didn't AMO change the way they handle CSRF? Would us pulling that into Flightdeck help remove these errors?
Severity: normal → major
Priority: -- → P1
Yeah, they no longer use the built-in CSRF (which means you don't need referrers on anymore). They're also using jinja though, and I'm not sure if that is integrated or not.
Assignee: nobody → zaloon
Severity: major → critical
Copy shouldn't be a POST - it's just taking the revision.pk and copying it to a new package. In review: https://github.com/zalun/FlightDeck/commit/9b430f7d2b1ce2ff74686bca00e9c1b1b22ee266
Status: NEW → ASSIGNED
r-. Copy does need to be a POST. You're altering data for the user on the server.
right
Status: ASSIGNED → NEW
And it wasn't the case, as the 'post' isn't even called. CSRF is broken when the user is redirected after a successful login. I think it might be that the page is loaded from the browser cache with the wrong CSRF.
Target Milestone: Builder 0.9.7 → Builder 0.9.8
Severity: critical → major
Target Milestone: Builder 0.9.8 → Builder 1.0
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
There is still an issue with the "Copy" feature. It always fails if you have never created an addon while signed in!

Steps to reproduce:
1. Log out
2. Sign in
3. Open any existing addon
4. Click on Copy --> CSRF error popup

Now if you create an addon, then open an addon, Copy is going to work :o
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Status: REOPENED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Product: addons.mozilla.org → addons.mozilla.org Graveyard