[Libreoffice-qa] Moztrap login CSRF issue fix - testing needed.
Yi Fan Jiang
yfjiang at suse.com
Sun Sep 23 21:37:03 PDT 2012
Dear all,
About the annoying login CSRF issue (nearly everyone has experienced),
it seems gone after some tuning of the Caching method of Moztrap today.
Would you help to have a try. I tested it myself in the latest Firefox
and Chrome with cheerful login path :)
To test it:
1. logout and login with native user/pwd -> you should not see the csrf error
2. logout and login with your Persona -> you should not see the csrf error
3. register a new user with the native registration form -> you should not see the CSRF error whenever in the process of registration
http://vm12.documentfoundation.org/users/register/
4. try to reset the password -> you should not see the CSRF error whenever in the process of resetting password
Finally, just let me leave a tech-note here of what I did (basically it's all about to use a memcached backend):
1. install memchached and related bindings instead of anything else :)
memcached
libmemcached-dev
pylibmc
python-pylibmc
2. enable the memcached backend in Moztrap in settings/local.py:
CACHES = {
"default": {
"BACKEND": 'django.core.cache.backends.memcached.MemcachedCache',
"LOCATION": "vm12.documentfoundation.org:11211",
}
}
The tokens now should be cached reliably now.
Best wishes,
Yifan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/libreoffice-qa/attachments/20120923/82314da0/attachment.html>
More information about the Libreoffice-qa
mailing list