Launchpad itself

bug subscription error when referer is disabled is horrible

Bug #752409 reported by Björn Jacke on 2011-04-06

This bug report is a duplicate of: Bug #560246: Launchpad requires the REFERER header on form submission breaking with noscript and other privacy/spam browser plugins. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Triaged	High	Unassigned

Bug Description

subscribing myself or someone else to https://bugs.launchpad.net/debian/+source/vsftpd/+bug/590537 was not possible with the following error popping up:

Error: Launchpad system error fieldset.collapsed div, fieldset div.collapsed {display: none;}
fieldset.collapsible div, fieldset div.collapsed {display: block;} var LP = { cache: {}, links:
{} }; var cookie_scope = '; Path=/; Secure; Domain=.launchpad.net'; // Define a global YUI
sandbox that should be used by everyone. var LPS = YUI({ // Don't try to fetch the loader
module. bootstrap: false, // Don't try to fetch CSS files. fetchCSS: false, // Turn off combo
loading. combine: false, // For paranoia, set a low timeout to not wait on loading a resource.
timeout: 50 }); LPS.use('node', 'lp', 'lp.app.links', function(Y) { Y.on('load', function(e) {
sortables_init(); initInlineHelp(); Y.lp.activate_collapsibles(); activateFoldables();
activateConstrainBugExpiration(); Y.lp.app.links.check_valid_lp_links(); }, window); // Hook up
the function that dismisses the help window if we click // anywhere outside of it.
Y.on('click', handleClickOnPage, window); Y.on('lp:context:web_link:changed', function(e) {
window.location = e.new_value; }); }); var _gaq = _gaq || []; _gaq.push(['_setAccount',
'UA-12833497-1']); _gaq.push(['_setDomainName', '.launchpad.net']); _gaq.push(['_setAllowHash',
false]); _gaq.push(['_trackPageview']); (function() { var ga =
document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src =
('https:' == document.location.protocol ? 'https://ssl' : 'http://www') +
'.google-analytics.com/ga.js'; (document.getElementsByTagName('head')[0] ||
document.getElementsByTagName('body')[0]).appendChild(ga); })(); bjoern-j3e • No REFERER Header
Launchpad requires a REFERER header to perform this action. There is no REFERER header present.
This can be caused by configuring your browser to block REFERER headers. Unblock REFERER
headers for launchpad.net and try again, or see the FAQ Why does Launchpad require a REFERER
header? for more information. You can also join the #launchpad IRC support channel on
irc.freenode.net for further assistance. • Take the tour • Read the guide © 2004-2011
Canonical Ltd. • Terms of use • Contact Launchpad Support • System status • r12735 (get
the code) LP.links['me'] = '/~bjoern-j3e';

Tags:

Revision history for this message

Robert Collins (lifeless) wrote on 2011-04-06:

Looks like have a plugin preventing the referer header being sent: "No REFERER Header
Launchpad requires a REFERER header to perform this action.". I'm going to mark this bug as the error being horrible - the referer header is required as its part of our xsrf protection.

summary:	- subscribing to bug not possible + bug subscription error when referer is disabled is horrible
Changed in launchpad:
status:	New → Triaged
importance:	Undecided → High
tags:	added: ui

Revision history for this message

Björn Jacke (bjoern-j3e) wrote on 2011-04-06:

so not even writing comments is possible with my FF4, which has only noscript running which treats launchpad.net as trusted site however. btw: no referrer blocker running here.

Revision history for this message

Robert Collins (lifeless) wrote on 2011-04-06: Re: [Bug 752409] Re: bug subscription error when referer is disabled is horrible

noscript blocks referer as well AIUI.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #560246 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.