Found a template in fas that is not adding the csrf token properly.
The Add User button on: https://admin.fedoraproject.org/accounts/group/view/
This is just an annoyance (one particular link leading people to the CSRF login page instead of directly to the action they requested) but the fix is easy and non-intrusive.
Patch is:
@@ -77,7 +77,8 @@ <py:if test="can_sponsor"> <dt>${_('Add User:')}</dt> <dd> - <form action="${tg.url('/group/application_screen/%s' % group.name)}"> + <form action="${tg.url('/group/application_screen/%s' % group.name)}" + method="post"> <input type='text' size='15' name='targetname'/> <input type="submit" value="${('Add')}" />
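Review bot: The added method="post" attribute on the <form> is the whole fix, but neither the hunk nor the description says why switching this form to POST gets the CSRF token included; one sentence in the commit message stating that link would help whoever adds the next form to a template. It is also worth confirming that the /group/application_screen/ handler does not rely on targetname arriving as a GET query parameter, since this form will no longer produce such URLs. Separately, in the unchanged context line, value="${('Add')}" lacks the _ call that ${_('Add User:')} uses, so the button label is not passed through translation; ${_('Add')} would be consistent.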
-Toshio
On 2009-03-12 08:05:45 AM, Toshio Kuratomi wrote:
Patch is:
@@ -77,7 +77,8 @@ <py:if test="can_sponsor"> <dt>${_('Add User:')}</dt> <dd>
<form action="${tg.url('/group/application_screen/%s' %
group.name)}">
<form action="${tg.url('/group/application_screen/%s' %
group.name)}"
method="post"> <input type='text' size='15' name='targetname'/> <input type="submit" value="${('Add')}" />
+1
Thanks, Ricky
On Thu, 12 Mar 2009, Toshio Kuratomi wrote:
Found a template in fas that is not adding the csrf token properly.
The Add User button on: https://admin.fedoraproject.org/accounts/group/view/
This is just an annoyance (one particular link leading people to the CSRF login page instead of directly to the action they requested) but the fix is easy and non-intrusive.
Patch is:
@@ -77,7 +77,8 @@ <py:if test="can_sponsor"> <dt>${_('Add User:')}</dt> <dd>
<form action="${tg.url('/group/application_screen/%s' %
group.name)}">
<form action="${tg.url('/group/application_screen/%s' %
group.name)}"
method="post"> <input type='text' size='15' name='targetname'/> <input type="submit" value="${('Add')}" />
+1
-Mike
infrastructure@lists.fedoraproject.org