403 trying to change goal and statement

[chadwhitacre]

Report in IRC:

Getting 403 "Forbidden Programm" while changing goal and statement.

I can't repro on gittip.com.

[chadwhitacre]

@mbj What browser are you using?

[mbj]

Isnt that obvious from the request headers?

mbj@mbj ~ % chromium --version
Chromium 21.0.1180.81

Sorry for not beeing in chan this day. Lots of commercial stuff today :P

On Wed, Aug 22, 2012 at 11:40:09AM -0700, Chad Whitacre wrote:

@mbj What browser are you using?

---

Reply to this email directly or view it on GitHub:
https://github.com/whit537/www.gittip.com/issues/245#issuecomment-7944594

[mbj]

My email reply got cut.

Im using chromium:

mbj@mbj ~ % chromium --version
Chromium 21.0.1180.81 

[chadwhitacre]

Isn't that obvious from the request headers?

Yes, sorry. That was me trying to buy time by asking a stupid question. 😊

The 403 is coming from the CSRF machinery (see #88 for background; it's borrowed from Django). I checked the logs, and you're running afoul of strict Referer checking. The headers you sent in private gist are missing Referer. Have you turned off Referer intentionally?

[chadwhitacre]

Yes, lack of Referer header was the issue. Closing this and reticketing whether Referer checking is something we need in Gittip: #276.