[Libreoffice-qa] [MozTrap] CSRF error after login (error 403)

Yifan Jiang yfjiang at suse.com
Thu Dec 26 18:11:10 PST 2013 

Hi Thomas,

Did you use username, Persona or Openid to login? The problem was
there for some time because of the server side cache, but I think it
should have been configured properly long before.

I suspect it might be because of the client side. Would you double
check your cookie/plugin settings? Preferrably to launch a brand new
instance of firefox without plugins and make sure cookies is
accepted. For example, close all your firefox window, then launch "firefox -safe-mode".

Then we may define where the problem is. On the other hand, to see if
your account works, you could also try logging using another browser
like Chrome.

Best wishes,
Yifan

On Thu, Dec 26, 2013 at 05:52:10PM +0100, Thomas Hackert wrote:
> Hello Sophie, Yifan, *,
> after waiting a couple of days for answers to my mails here, I 
> wanted to continue my MozTrap test. But for whatever reason I get 
> only
> 
> <quote>
> Forbidden (403)
> 
> CSRF verification failed. Request aborted.
> Help
> 
> Reason given for failure:
> 
>     CSRF token missing or incorrect.
>     
> In general, this can occur when there is a genuine Cross Site 
> Request Forgery, or when Django's CSRF mechanism has not been used 
> correctly. For POST forms, you need to ensure:
> 
>     Your browser is accepting cookies.
>     The view function uses RequestContext for the template, instead 
> of Context.
>     In the template, there is a {% csrf_token %} template tag inside 
> each POST form that targets an internal URL.
>     If you are not using CsrfViewMiddleware, then you must use 
> csrf_protect on any views that use the csrf_token template tag, as 
> well as those that accept the POST data.
> 
> You're seeing the help section of this page because you have DEBUG = 
> True in your Django settings file. Change that to False, and only 
> the initial error message will be displayed.
> 
> You can customize this page using the CSRF_FAILURE_VIEW setting.
> </quote>
> 
> as an answer ... :( As I have allowed the whole domain 
> "*libreoffice*" to NoScript and have disabled AdBlock Edge on our 
> sites, I am not sure, if it is just a problem on my system or if 
> anyone else is affected ... :( Could you have a look at the site, 
> please (and hopefully will be able to fix it ... ;) )?
> TIA
> Thomas.
> 

-- 
  Yifan Jiang
  SUSE Desktop, Libreoffice /SUSE
  Contact: yifan - irc.freenode.net/libreoffice
  =============================================  
  http://www.libreoffice.org/
  http://www.documentfoundation.org/

More information about the Libreoffice-qa mailing list