Opened 8 years ago

Closed 8 years ago

#564 closed defect (fixed)

Cookie blocking leads to cryptic errors

Reported by: spaetz Owned by:
Priority: major Milestone: 0.3.3
Component: programming Keywords:
Cc: nyergler Parent Tickets:

Description

Trying to log in, I received a "403 Forbidden" page with no further information, the GMG log included a "ERROR [mediagoblin.meddleware.csrf] CSRF cookie not present" statement.

It took a while until I realized it was my cookie blocker that caused this. Can we capture this specific case somehow and test whether cookie setting is disabled? I know that django tries to set test cookies at some points in time. Perhaps this should be tested in the CSRF meddleware in case of CSRF failure?

In any case, we should hand back a nicer error message than 403 forbidden when the user has cookies disabled :-).

Subtickets

Change History (4)

comment:1 Changed 8 years ago by Christopher Allan Webber

Cc: nyergler added

cc'ing nyergler.

comment:2 Changed 8 years ago by spaetz

My branch 564_cookie_blocking_error fixes this by giving back nicer error messages. It required some restructuring to avoid cyclic imports.

comment:3 Changed 8 years ago by spaetz

Milestone: 0.3.3

comment:4 Changed 8 years ago by spaetz

Resolution: fixed
Status: newclosed

Fixed with commit 947c08a and the previous work to enable cusomized error messages etc.

Last edited 8 years ago by spaetz (previous) (diff)
Note: See TracTickets for help on using tickets.