Closed Bug 685920 Opened 14 years ago Closed 14 years ago

Missing CSRF token for Anonymous request to /password_reset

Categories

(Participation Infrastructure :: Phonebook, defect)

Product:
Participation Infrastructure
Component:
Phonebook
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: ozten, Unassigned)

Details

I sometimes see pages without a CSRF token. Steps to Reproduce: 1) Clear cookies 2) Request one of these urls https://mozillians-dev.allizom.org/en-US/password_reset https://mozillians-dev.allizom.org/en-US/login Expected: View Source: Second form should contain <div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='725d65485f643cede11beb32bf60ed6e' /></div> Actual: Nothing. Browsing the site and coming back then gives a CSRF token. Perhaps this is a session/contextprocessor issue?
tofumatt fixed this is a anonymous csrf decorator.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Verified that input with name csrfmiddlewaretoken is present on both of these pages (using View Source window)
Status: RESOLVED → VERIFIED
Component: mozillians.org → Phonebook
Product: Websites → Community Tools
QA Contact: mozillians-org → phonebook
Version: unspecified → other
You need to log in before you can comment on or make changes to this bug.