Ubuntu One Servers

/oauth/request/ fails with CSRF verification failed. Request aborted.

Bug #686697 reported by Roman Yepishev on 2010-12-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu One Servers	Fix Released	High	Martin Albisetti

Bug Description

The following text appears in the UI:

Forbidden <span>(403)

CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a 'Referer
   header' to be sent by your web browser, but none was sent. This header is
   required for security reasons, to ensure that your browser is not being
   hijacked by third parties.</p>

The script at http://paste.ubuntu.com/540725/ reproduces that easily.

Tags:

Revision history for this message

Roman Yepishev (rye) wrote on 2010-12-07:

authtest.py Edit (647 bytes, text/x-python)

visibility:

private → public

Martin Albisetti (beuno) on 2010-12-07

Changed in ubuntuone-servers:
assignee:	Ubuntu One web team (ubuntuone-web) → Martin Albisetti (beuno)
status:	Confirmed → In Progress

Martin Albisetti (beuno) on 2010-12-07

Changed in ubuntuone-servers:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

authtest.py Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.