Hi, On Wed, Jun 29, 2016 at 7:47 AM, Atanas Beloborodov <nask0@xxxxxxxxx> wrote: > Hi there, > i just noticed that, after login in FAS, there is a button "I am a human" > for CSRF check. > It's all good, but clicking button makes POST request to > (admin.fedoraproject.org/accounts/login?_csrf_token=<token>) which returns > 302 Found and redirects to a same url (GET request) , which returns 403 > Forbidden. > It seems that navigation "knows" that i am logged in, but content part do > not :) > See attached screenshot and log for more info, since it's early morning and > i do not provide a good explanation. I wonder if you've seen this happen more often. My current theory is that you were caught in between the expiry of your session, so when it generated the page with the "I am human" button you were near the end of your session, but it was just visible, but when you clicked it it had just expired. If you see this more often, please do let me know and I can look further. _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
