Copy fails with CSRF error

RESOLVED DUPLICATE of bug 652875

Status

P1
major
RESOLVED DUPLICATE of bug 652875
8 years ago
4 years ago

People

(Reporter: andy+bugzilla, Assigned: zalun)

Tracking

unspecified
Builder 1.0

Details

(Reporter)

Description

8 years ago
Clicking on copy in builder generates a 403 error, CSRF verification failed.

http://screencast.com/t/zyvT0TYZAV
Target Milestone: --- → Builder 0.9.7
Didn't AMO change the way they handle CSRF? Would us pulling that into Flightdeck help remove these errors?
Severity: normal → major
Priority: -- → P1
Yeah, they no longer use the built-in CSRF (which means you don't need referrers on anymore).  They're also using jinja though, and I'm not sure if that is integrated or not.
Assignee: nobody → zaloon
Severity: major → critical
(Assignee)

Comment 3

8 years ago
Copy shouldn't be a POST - it's just taking the revision.pk and copies it to a new package.
in review https://github.com/zalun/FlightDeck/commit/9b430f7d2b1ce2ff74686bca00e9c1b1b22ee266
Status: NEW → ASSIGNED
r-.  Copy does need to be a POST.  You're altering data for the user on the server
(Assignee)

Comment 5

8 years ago
right
Status: ASSIGNED → NEW
(Assignee)

Comment 6

8 years ago
and it wasn't the case as the 'post' isn't even called.
CSRF is broken when user is redirected after successful login.
I think it might happen be that the page is loaded from browser cache with wrong csrf.
(Assignee)

Updated

8 years ago
Target Milestone: Builder 0.9.7 → Builder 0.9.8
Severity: critical → major
Target Milestone: Builder 0.9.8 → Builder 1.0
(Assignee)

Updated

7 years ago
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 652875
There is still an issue with "Copy" feature.
If always fails if you have never create an addon while you signed in!

Steps to reproduce:
 Logout
 Sign in
 open any existing addon
 click on Copy
 --> CSRF error popup
 
 Now if you create an addon, then open an addon. Copy is going to work :o
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
(Assignee)

Updated

7 years ago
Status: REOPENED → RESOLVED
Last Resolved: 7 years ago7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 652875
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.