Forbidden 403:CSRF verification failed; aborted
Posted: Mon Sep 20, 2010 3:11 pm
Hello...
I'm trying to submit a review on one of the Mozilla Firefox Add-ons pages, and this is the Mozilla add-on page which has the add-on I want to give a review about:
https://addons.mozilla.org/en-US/firefox/addon/12766/
The add-on is called "CookieKiller".
(a) I then perform my login with name/password, and all is just fine.
(b) I click on the "Review" button in order to make my comments, and I get taken to a different web page for making comments, and all is still just fine.
(c) After typing my review comments, when I click on the "submit" button...I get redirected to a page that displays a CSRF notification. I've tried several times but get the same response.
(d) The CSRF notification page states the following:
Forbidden (403)
CSRF verification failed. Request aborted.
More information is available with DEBUG=True.
I don't remember ever seeing this type of warning before. I decided to do an "about:config" and typed the word "debug", and I found 4 items listed:
PREFERENCE NAME..................STATUS.....TYPE.......VALUE
(1) browser.formfill.debug.........default......boolean...false
(2) noscript.clearClick.debug......default......boolean...false
(3) noscript.surrogate.debug......default......boolean...false
(4) signon.debug.....................default......boolean...false
I don't know anything about "debugging", but if I was forced to make a guess, I'd guess that the "browser.formfill.debug" listing might need to be changed to "true". BUT I sure don't know! AND I would never simply change it without finding out a responsible answer first! After all, that may not have anything at all to do with the problem.
I've looked at the NoScript webpage for help and I've looked at my NoScript icon data. I've read about XSS (cross site scripting), but I still don't know much about this. I see that CSRF means "cross site request forgery", and I just read that usually this can be caused by developer errors, but this also can be dangerous.
Can someone please explain whether or not I personally should be doing something to fix this problem?