/oauth/request/ fails with CSRF verification failed. Request aborted.

Bug #686697 reported by Roman Yepishev
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu One Servers | Fix Released | High | Martin Albisetti |

Bug Description

The following text appears in the UI:

Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a 'Referer
header' to be sent by your web browser, but none was sent. This header is
required for security reasons, to ensure that your browser is not being
hijacked by third parties.

The script at http://paste.ubuntu.com/540725/ reproduces that easily.

Revision history for this message
Roman Yepishev (rye) wrote :
visibility: private → public
Martin Albisetti (beuno)
Changed in ubuntuone-servers:
assignee: Ubuntu One web team (ubuntuone-web) → Martin Albisetti (beuno)
status: Confirmed → In Progress
Martin Albisetti (beuno)
Changed in ubuntuone-servers:
status: In Progress → Fix Released