Issue #3221 resolved

CSRF Failed

Rhodri Pugh
created an issue

Hi, I've set up my own domain to point to Bitbucket as documented here...

and it works, I receive the login page, but when I try to log in I get a CSRF error.

http://confluence.atlassian.com/display/BITBUCKET/Using+your+Own+Bitbucket+Domain+Name;jsessionid=AC7E5220108A850CF452B15EDCC98E11

Forbidden (403) CSRF verification failed. Request aborted. More information is available with DEBUG=True.

Thanks, rod.

Comments (11)

  1. Rhodri Pugh reporter
    • changed status to open

    I was actually having this issue in Chrome (which I don't have any extensions enabled for: version 16.0.912.15 dev)

    I have tried Firefox as suggested in the other ticket and get the same error. My setting is 2 for network.http.sendRefererHeader (incorrectly spelt).

    Is there anything I can check in my session, or the referring page?

    rod.

  2. Rhodri Pugh reporter

    (Reply via r...@pu-gh.com):

    No, I tried Safari 5 and get the same CSRF error.

    I checked the login form and it is sending a token ...

    I tried adding DEBUG=True to the request to get some more information but couldn't get it to work.

    Anything else I can try?

  3. Rhodri Pugh reporter

    Logging in directly to Bitbucket without the CNAME works fine, and no, as far as I'm aware, I'm not behind any proxy (I've tried this on my home broadband and via my work network with the same results). Is there anything about the CNAME setup I can check - or is there another way to get a stack trace or more error logging that could help out?
