Issue #2570 invalid

Firefox Preventing BitBucket.com Account Log On

Tom Gaughan
created an issue

I am unable to log in to my bitbucket.com account via Firefox 3.6.15.

No problem when using IE6 or Google Chrome 9.0.597.107.

Forbidden (403) CSRF verification failed. Request aborted. You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties. If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests. More information is available with DEBUG=True.

Comments (1)

  1. Dylan Etkin

    Hi Tom,

    Bitbucket uses a referer header to stop CSRF attacks. As the message states, you have likely disabled Referer headers in Firefox and this is why you are unable to use it against Bitbucket.

    If you would like to use Firefox with Bitbucket then I am afraid you will have to enable Referer headers.

    I hope this helps,

    Dylan
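
Added example, not part of the original thread and not Bitbucket's own code: a strict Referer check of the kind the 403 message describes, showing why a state-changing HTTPS request with no Referer header is rejected while a same-origin one passes. The function name, the host `site.example` and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def check_referer(method, is_secure, host, referer):
    """Return (allowed, reason) for a strict Referer check on HTTPS requests.

    Hypothetical helper; `host` is the site's own host name.
    """
    # Safe methods do not change state, so they are not checked.
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # The strict check applies to HTTPS only, as in the error message above.
    if not is_secure:
        return True, "not HTTPS; Referer check skipped"
    # Browser configured to omit the header: the case reported in this issue.
    if not referer:
        return False, "no Referer header"
    parts = urlsplit(referer)
    if not parts.scheme or not parts.netloc:
        return False, "malformed Referer"
    # A page loaded over plain HTTP must not be able to submit to the HTTPS site.
    if parts.scheme != "https":
        return False, "insecure Referer"
    # Compare the whole host (and port, if any), never a prefix or substring.
    if parts.netloc.lower() != host.lower():
        return False, "Referer from another origin"
    return True, "same-origin Referer"


# Constructed sample requests: (method, is_secure, host, Referer value)
SAMPLES = [
    ("POST", True, "site.example", None),
    ("POST", True, "site.example", "https://site.example/login"),
    ("POST", True, "site.example", "https://site.example.other.test/form"),
    ("POST", True, "site.example", "http://site.example/login"),
    ("GET", True, "site.example", None),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_referer(*sample))
```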
