Issue #2982 resolved

[403] CSRF verification failed

Samuel Marks
created an issue

Good morning,

Unfortunately, I get the following error when trying to amend (add a new comment to) one of my Bitbucket issues:

{{{
Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.

More information is available with DEBUG=True.
}}}

I'm running Windows 7 SP1 x64 with Opera 11.50 (Build 1074).

Attached is a screenshot of my settings. I have also tried adding bitbucket as a security exception and trying form submission without a proxy.

Please fix this ASAP (or if it's a problem on my end, tell me how to fix it).


Samuel Marks

Comments (8)

  1. Dylan Etkin

    Hi Samuel,

    Bitbucket uses a Referer header to stop CSRF attacks. As the error message should have stated, you have likely disabled it (or an add-on might have changed it).

    I have tried commenting on an issue in the 11.50 version of Opera and did not have the same problem. This is a default setup of Opera. I am not exactly sure how to configure that setting in Opera.

    In Firefox you can type about:config in your address bar and search for the network.http.sendRefererHeader preference.

    You can read up on that setting here:

    Sorry for the trouble, I hope this helps,


  2. Samuel Marks reporter
    • changed status to new

    No worries, must be something wrong with my configuration (since it worked for you).

    I'll try again at Uni using a clean version of Opera.

    Thanks for your time

  3. Marko Burjek

    The same problem with verification also occurs when adding SSH keys to a repository. And it is very frustrating. You add a key and nothing happens. I tried 3 times. Only after opening the developer tools in the browser can you see that you get a 403 error and that the problem could be with referrer headers.

    I think the error should be shown to the user. I know this is a developer-oriented site, but still.
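As an added illustration of the check that the 403 page and Dylan Etkin's reply describe (this is not Bitbucket's code; the function name, host names and sample requests are constructed for the example), a strict server-side Referer check for state-changing HTTPS requests could look like this:

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def check_referer(method, is_secure, host, headers, trusted_hosts=()):
    """Return (allowed, reason) for one request.

    Hypothetical helper modelled on the behaviour the error page describes.
    """
    # Read-only methods and plain-HTTP requests are not subject to this check.
    if method.upper() in SAFE_METHODS or not is_secure:
        return True, "referer check not applied"
    referer = headers.get("Referer")
    if not referer:
        # The reporter's case: the browser or a proxy stripped the header.
        return False, "no Referer header sent"
    parts = urlsplit(referer)
    try:
        port = parts.port
    except ValueError:
        return False, "malformed Referer"
    if not parts.scheme or not parts.hostname:
        return False, "malformed Referer"
    if parts.scheme != "https":
        # An HTTP page must not be able to drive requests to the HTTPS site.
        return False, "Referer is not HTTPS"
    netloc = parts.hostname if port in (None, 443) else f"{parts.hostname}:{port}"
    allowed = {host.lower(), *(h.lower() for h in trusted_hosts)}
    if netloc not in allowed:
        return False, f"Referer host {netloc!r} does not match"
    return True, "same-origin Referer"


# Constructed sample requests against a site served as tracker.example.
SAMPLES = [
    ("POST", {}),                                               # header stripped
    ("POST", {"Referer": "https://tracker.example/issue/1"}),   # normal form post
    ("POST", {"Referer": "http://tracker.example/issue/1"}),    # downgraded scheme
    ("POST", {"Referer": "https://other.example/form"}),        # cross-site form
    ("GET", {}),                                                # safe method
]


def run_samples():
    return [check_referer(m, True, "tracker.example", h) for m, h in SAMPLES]


if __name__ == "__main__":
    for (method, hdrs), (ok, why) in zip(SAMPLES, run_samples()):
        print(method, hdrs.get("Referer"), "->", "allow" if ok else "403", f"({why})")
```

A request rejected here should return a visible error to the user, which is the gap the SSH-key comment above points out: a 403 on a background request is otherwise only visible in the browser's developer tools.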

