Error message when checking tickets on web frontend without being logged in

The following error message is shown when viewing tickets on the web frontend without being connected:
`Can't get base identities: {'fullname': 'InternalError', 'message': 'Forbidden'}`

goffi 21. 10. 2021 9:06

This is due to an invalid CSRF token when checking tickets from different URLs (https://bugs.goffi.org/bugs/view/400 then https://www.goffi.org/bugs/view/400, for instance: the CSRF is first set for `bugs.goffi.org` then for `www.goffi.org`, so there is a mismatch). The short-term fix has been to redirect the older https://bugs.goffi.org and other matching URLs to https://www.goffi.org/tickets using the HTTP server. The long-term solution would be to match the domain name with the CSRF to handle aliases. I'm leaving this ticket open as a reminder.
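The mismatch and the long-term idea from the comment above, as an added sketch that is not part of the ticket or of the project's code. It assumes a token derived by HMAC from a session id and the host name, a session visible under both host names, and a hypothetical alias table (`HOST_ALIASES`); the ticket does not say how the frontend actually stores its token.

```python
import hashlib
import hmac
import secrets

# Assumed alias table: every host name the site answers to -> one canonical name.
HOST_ALIASES = {
    "www.goffi.org": "www.goffi.org",
    "bugs.goffi.org": "www.goffi.org",
}
SERVER_KEY = secrets.token_bytes(32)  # demo secret, regenerated on every run


def canonical_host(host_header):
    """Normalise a Host header (case, port, trailing dot); None if unknown."""
    host = host_header.strip().lower().partition(":")[0].rstrip(".")
    return HOST_ALIASES.get(host)


def issue_token(session_id, host_header, use_aliases=True):
    """Derive a CSRF token bound to the session and to a host name."""
    host = canonical_host(host_header) if use_aliases else host_header.lower()
    if host is None:
        raise ValueError("host is not served by this site")
    msg = f"{session_id}|{host}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def check_token(token, session_id, host_header, use_aliases=True):
    """Constant-time check of a presented token; unknown hosts are rejected."""
    try:
        expected = issue_token(session_id, host_header, use_aliases)
    except ValueError:
        return False
    return hmac.compare_digest(token.encode(), expected.encode())


if __name__ == "__main__":
    sid = secrets.token_hex(16)  # constructed session id
    # Token bound to the raw host: set on one alias, rejected on the other.
    raw = issue_token(sid, "bugs.goffi.org", use_aliases=False)
    print("raw host binding:", check_token(raw, sid, "www.goffi.org", False))
    # Token bound to the canonical host: valid on every alias of the site.
    tok = issue_token(sid, "bugs.goffi.org")
    print("alias-aware binding:", check_token(tok, sid, "www.goffi.org"))
    print("unlisted host:", check_token(tok, sid, "other.example"))
```

Keeping the alias table an explicit allow-list means a request with an unlisted Host header fails the check instead of being treated as an alias.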

id: 400
author: Goffi
created: 8. 10. 2021 16:13
updated: 22. 10. 2021 16:49
labels: web tickets
type: bug
status: closed
priority: normal
milestone: 0.7
severity: normal