Closed Bug 947767 Opened 9 years ago Closed 9 years ago

When signed in, submitting feedback to firefox OS form returns 403 FORBIDDEN


(Input Graveyard :: Submission, defect, P2)



(Not tracked)



(Reporter: rrosario, Assigned: willkg)


(Whiteboard: u=user c=submission p=1 s=input.2014q3)

I know this isn't a big deal since auth'd users shouldn't be submitting feedback, but I found it interesting. I was signed in to stage and testing the Firefox OS form (while taking screenshots) and when I went to submit feedback I got:

POST [HTTP/1.1 403 FORBIDDEN 257ms]
OS: Mac OS X → All
Hardware: x86 → All
I hit this semi-frequently locally with the Firefox OS feedback form but figured it was because gets used for all my development sites and I was mixing cookies. I don't think I've ever hit this with the normal feedback form.
Oh wait--you said you're testing that form. So you're totally hitting the same thing I am.

That uses the API and it's probably the case that if you're logged in, the API expects you to be sending CSRF token. I think there are a couple of options:

1. figure out how to disable CSRF for django-rest-framework things altogether
2. figure out how to not send cookies with the POST

Or something like that. I'll have to look into it more.
Bumping this to next quarter to look into.
Whiteboard: u=user c=submission p= s=input.2014q1
Moving this to 2014q2.

This is kind of annoying. I'd like to get it fixed.
Priority: -- → P2
Whiteboard: u=user c=submission p= s=input.2014q1 → u=user c=submission p= s=input.2014q2
Pushing this off one more quarter. I keep hitting it, but it only affects analysts and admin.
Whiteboard: u=user c=submission p= s=input.2014q2 → u=user c=submission p= s=input.2014q3
Should be fixed in

I'll verify this once I push it to a server.
Assignee: nobody → willkg
Whiteboard: u=user c=submission p= s=input.2014q3 → u=user c=submission p=1 s=input.2014q3
Verified it on stage. IT IS FIXED!
Closed: 9 years ago
Resolution: --- → FIXED
Product: Input → Input Graveyard
You need to log in before you can comment on or make changes to this bug.