Re: FAS "I am human" button issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Wed, Jun 29, 2016 at 7:47 AM, Atanas Beloborodov <nask0@xxxxxxxxx> wrote:
> Hi there,
> i just noticed that, after login in FAS, there is a button "I am a human"
> for CSRF check.
> It's all good, but clicking button makes POST request to
> (admin.fedoraproject.org/accounts/login?_csrf_token=<token>)  which returns
> 302 Found and redirects to a same url (GET request) , which returns 403
> Forbidden.
> It seems that navigation "knows" that i am logged in, but content part do
> not :)
> See attached screenshot and log for more info, since it's early  morning and
> i do not provide a good explanation.

I wonder if you've seen this happen more often.
My current theory is that you were caught in between the expiry of your session,
so when it generated the page with the "I am human" button you were near the
end of your session, but it was just visible, but when you clicked it
it had just
expired.

If you see this more often, please do let me know and I can look further.
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux