Issue #7666 invalid

Access Management: Can not add user to project

Simon Brüchner
created an issue

When trying to add a existing user to a project in myproject/admin/access an error message shows up saying

[object Object]

When checking with FireBug, the PUT request response body says:

Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.

I'm not the owner of this project but an administrator to this project.

Comments (3)

  1. Jon Mooring staff

    Hi Simon,

    I can't reproduce this issue. If you are still experiencing problems, please contact support@bitbucket.org for further assistance. Our support team should be able to help.

    Thanks,
    Jon

  2. Erik van Zijst staff

    Simon Brüchner My guess is that you've got the referrer header disabled in your browser (or maybe one of your extensions did so). At least the site is telling you that your request didn't have the header, which is required over HTTPS to properly counter CSRF attacks.

    Try with another browser (preferably one that wasn't customized through extensions and plugins) to see if that makes a difference.

  3. Log in to comment