Hi there, i just noticed that, after login in FAS, there is a button "I am a human" for CSRF check. It's all good, but clicking button makes POST request to ( admin.fedoraproject.org/accounts/login?_csrf_token=<token>) which returns 302 Found and redirects to a same url (GET request) , which returns 403 Forbidden. It seems that navigation "knows" that i am logged in, but content part do not :) See attached screenshot and log for more info, since it's early morning and i do not provide a good explanation.