Found a template in fas that is not adding the csrf token properly. The Add User button on: https://admin.fedoraproject.org/accounts/group/view/ This is just an annoyance (one particular link leading people to the CSRF login page instead of directly to the action they requested) but the fix is easy and non-intrusive. Patch is: @@ -77,7 +77,8 @@ <py:if test="can_sponsor"> <dt>${_('Add User:')}</dt> <dd> - <form action="${tg.url('/group/application_screen/%s' % group.name)}"> + <form action="${tg.url('/group/application_screen/%s' % group.name)}" + method="post"> <input type='text' size='15' name='targetname'/> <input type="submit" value="${('Add')}" /> -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
