MantisBT - NetSurf
View Issue Details
0000401NetSurf[All Projects] Generalpublic2012-11-13 18:302015-03-10 10:39
ReporterSourceforge Import placeholder 
Assigned ToVincent Sanders 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.9 
Target VersionFixed in Version3.1 
Fixed in CI build #1595
Reported in CI build #0595
URL of problem page
Summary0000401: CSRF verification failed
DescriptionWith recent versions of NetSurf, I can't leave any comments on http://diamondgeezer.blogspot.com/.

Steps to reproduce:

Navigate to any comment box, e.g. this one: http://tridentscan.jaggedseam.com/dg/2936733284347766779/

Enter anything.

Click 'Preview' (it's not necessary to click 'Publish', although that does it as well).

See the error, "Forbidden (403): CSRF verification failed. Request aborted."

Happens with 0000595, 0000607, 0000640 and 0000651.

Does not happen with 2.9.
Additional Informationnobody added a note on Thu Apr 25 12:23:41 2013

This is no longer reproducible, as the div has recently been removed from the page in question.

Still a bug though.

kinnison added a note on Fri Mar 29 10:32:22 2013

My guess is it has something to do with:

<div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='kRLojO3eQK2mkSfXXtAx8eoISL0Oop0p' /></div>

i.e. that the input is inside a hidden div. When we moved to libdom we had to rewrite a lot of the interface to the box construction and to forms. This corner-case may have been missed.

Imported from sourceforge bug http://sourceforge.net/support/tracker.php?aid=3586760 on Tue Dec 10 17:34:12 2013

TagsNo tags attached.
Attached Files

Notes
(0000666)
Vincent Sanders   
2015-03-10 10:39   
Confirmed fixed in 3.1 release

Issue History
2013-12-10 17:41Vincent SandersNew Issue
2013-12-10 17:41Vincent SandersStatusnew => assigned
2013-12-10 17:41Vincent SandersAssigned To => Sourceforge Import placeholder
2013-12-10 17:41Vincent SandersDescription Updatedbug_revision_view_page.php?rev_id=12#r12
2013-12-17 17:26Vincent SandersReported in CI build # => 0595
2013-12-17 17:26Vincent SandersAssigned ToSourceforge Import placeholder =>
2013-12-17 17:26Vincent SandersReproducibilityhave not tried => always
2013-12-17 17:26Vincent SandersStatusassigned => confirmed
2013-12-17 17:26Vincent SandersProduct Version => 2.9
2013-12-17 17:26Vincent SandersDescription Updatedbug_revision_view_page.php?rev_id=277#r277
2013-12-17 17:26Vincent SandersAdditional Information Updatedbug_revision_view_page.php?rev_id=279#r279
2014-01-05 17:22John-Mark BellFixed in CI build # => 1595
2014-01-05 17:22John-Mark BellStatusconfirmed => resolved
2014-01-05 17:22John-Mark BellResolutionno change required => fixed
2014-01-05 17:22John-Mark BellFixed in Version => 3.1
2015-03-10 10:39Vincent SandersNote Added: 0000666
2015-03-10 10:39Vincent SandersStatusresolved => closed
2015-03-10 10:39Vincent SandersAssigned To => Vincent Sanders