Closed
Bug 826928
Opened 13 years ago
Closed 13 years ago
Unauthorized/forbidden call to /api/whoami because of CSRF on Popcorn Maker's basic-template page
Categories
(Webmaker Graveyard :: Popcorn Maker, defect)
Webmaker Graveyard
Popcorn Maker
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: stephend, Assigned: jon)
References
()
Details
Attachments
(1 file)
|
388.54 KB,
image/png
|
Details |
Screenshot
Just loading https://popcorn.webmaker.org/templates/basic/ with Firefox, I get in my Web Console:
[17:27:46.727] GET https://popcorn.webmaker.org/api/whoami [HTTP/1.1 403 Forbidden 167ms]
Looking at the response body, I see:
{"error":"unauthorized","csrf":"UOubWcF9Zvktfv6SbApwWupy"}
|
||
Updated•13 years ago
|
Assignee: nobody → jon
Status: NEW → ASSIGNED
|
Assignee | |
Comment 1•13 years ago
|
||
Code being reviewed at: https://webmademovies.lighthouseapp.com/projects/65733/tickets/2990-bug-826928-apiwhoami-failing-confuses-people
I'm going to mark this as resolved, since it's a small patch and should land today.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
Reporter | |
Comment 2•13 years ago
|
||
(In reply to Jon Buckley [:jbuck] from comment #1)
> Code being reviewed at:
> https://webmademovies.lighthouseapp.com/projects/65733/tickets/2990-bug-
> 826928-apiwhoami-failing-confuses-people
>
> I'm going to mark this as resolved, since it's a small patch and should land
> today.
Thanks; any idea when this will be pushed live?
|
|
Assignee | |
Comment 3•13 years ago
|
||
Not sure, but you can test it out on the staging server at http://popcorn.rekambew.org/templates/basic/
|
|
Reporter | |
Comment 4•13 years ago
|
||
(In reply to Jon Buckley [:jbuck] from comment #3)
> Not sure, but you can test it out on the staging server at
> http://popcorn.rekambew.org/templates/basic/
Thanks, Jon. What's your process -- do we mark it verified on staging or production?
|
|
Assignee | |
Comment 5•13 years ago
|
||
Hm, we don't really have a process for when we mark a bug verified as fixed. What's the standard Mozilla QA procedure? I'd just follow that
|
|
Reporter | |
Comment 6•13 years ago
|
||
(In reply to Jon Buckley [:jbuck] from comment #5)
> Hm, we don't really have a process for when we mark a bug verified as fixed.
> What's the standard Mozilla QA procedure? I'd just follow that
No standard, even within Web QA projects -- some groups want Verified on staging, others on production. I'll wait until it's pushed to production; thanks!
|
|
Assignee | |
Comment 7•13 years ago
|
||
It's on prod now! Verify away~
|
||
Updated•12 years ago
|
Product: Popcorn → Webmaker
You need to log in
before you can comment on or make changes to this bug.
Description
•