Closed
Bug 679505
Opened 14 years ago
Closed 14 years ago
Mobile login fails with 403 (CSRF verification failed)
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect)
addons.mozilla.org Graveyard
Public Pages
Tracking
(Not tracked)
RESOLVED
WORKSFORME
6.2.1
People
(Reporter: krupa.mozbugs, Assigned: gkoberger)
References
()
Details
Mozilla/5.0 (Android; WOW64; Linux armv7l;rv:5.0) Gecko/20110603 Firefox/5.0 Fennec/5.0
steps to reproduce:
1. Load https://addons.allizom.org/z/en-US/mobile/users/login
2. Log in with valid credentials
expected behavior:
User logs in
actual behavior:
CSRF failure-403
[14:33:37.316] POST https://addons.allizom.org/z/en-US/mobile/users/login [HTTP/1.1 403 FORBIDDEN 117ms]
|
||
Comment 1•14 years ago
|
||
It worked for me and looks super good.
|
Assignee | |
Comment 2•14 years ago
|
||
I was able to log in with no issues, however had CSRF issues when I hit back and tried to log in again. However, this happens with almost every form on zamboni (including the non-mobile login: http://cl.ly/0r0k1B3L1p0f2U303w1F).
I'm assuming Krupa just had an old CSRF token somehow. We need to figure out a way to fix this -- Jeff?
|
|
||
Comment 3•14 years ago
|
||
(In reply to Gregory Koberger (:gkoberger) from comment #2)
> I'm assuming Krupa just had an old CSRF token somehow. We need to figure
> out a way to fix this -- Jeff?
Request/response headers and the tokens you see in the page would be quite helpful.
|
||
Comment 4•14 years ago
|
||
I'm not too worried about the hitting back use case. For what its worth, I tried this today too and it worked great.
|
|
||
Updated•14 years ago
|
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
|
||
Updated•10 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•