Closed Bug 819289 Opened 8 years ago Closed 5 years ago

Do not depend on HTTP Referer to allow a wiki edit

Categories

(developer.mozilla.org Graveyard :: User management, task)

x86
Linux
task
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 789016

People

(Reporter: bruant.d, Unassigned)

Details

My user account is "dbruant".
I can login, I can click on "edit" and see the editor, but on clicking either "preview changes" or "save changes", I see an error page saying I'm not allowed to and the change isn't performed.
I just made a modification. Can you try again?
I don't see a difference :-(
Apparently, I can't edit any page...
Originally tried https://developer.mozilla.org/en-US/docs/Mozilla/Boot_to_Gecko/Debugging_on_Boot_to_Gecko/Setting_up
But also tried https://developer.mozilla.org/en-US/docs/DOM/document.createComment
Summary: I can't edit https://developer.mozilla.org/en-US/docs/Mozilla/Boot_to_Gecko/Debugging_on_Boot_to_Gecko/Setting_up → I can't edit any page
I can edit pages on Chrome.
I tried to clear my Firefox (Aurora) cookies and restart it, but I have the same problem even after that. I don't really know what to do next.
Summary: I can't edit any page → I can't edit any page on Firefox Aurora
I also tried to "ban" him and "unban", but without success.
Daniel Holbert got the same problem today. It works in Chrome but not with Nightly.
He tried with a new profile and it solved it. Could you confirm?
Any news here Jean-Yves or David?
(In reply to David Walsh :davidwalsh from comment #7)
> Any news here Jean-Yves or David?
I had given up and worked from Chrome.

(In reply to Jean-Yves Perrier [:teoli] from comment #6)
> Daniel Holbert got the same problem today. It works in Chrome but not with
> Nightly.
> He tried with a new profile and it solved it. Could you confirm?
I just tried safe mode and I could edit. So it comes from one of my add-ons... and it actually wasn't hard to pin down which one: RefControl https://addons.mozilla.org/fr/firefox/addon/refcontrol/
I have configured it to never send the Referer header to any website.

For whatever reason or purpose, edits on Kuma rely on the Referer header being sent.
For my own personal case, I've just configured RefControl to send the Referer normally to dev.moz.org (and I can edit). But probably Kuma should accept edits even if there is no referer... maybe Kuma uses the referer to figure out which page is being edited?
Requiring a referer can sometimes be a spam prevention technique; I'll see what the rest of the team says.
(In reply to David Walsh :davidwalsh from comment #9)
> Requiring a referer can sometimes be a spam prevention technique; 
In this particular instance (editing the wiki), the user has to be logged-in, so if he/she is spamming, the account can be suspended and it might be possible to remove all spamish content in one click (is there something like that implemented or on track?).

> I'll see what the rest of the team says.
Repurposing the bug, you can invite them here to discuss :-)
Summary: I can't edit any page on Firefox Aurora → Do not depend on HTTP Referer to allow a wiki edit
Yep, I understand that you must log in to make edits;  my thought was that there's probably a blanket Django policy that requires a referrer.  I'm sure we can work this out.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 789016
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.