Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-03-25 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  closed
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:  duplicate
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--
Changes (by timgraham):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Duplicate of #24492 which describes the problem more concisely.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.303d0554485f679551fdb16dd9ea6575%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-03-23 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--

Comment (by subsume):

 That's a bingo. As soon as I modified a local cookie to include a ], i
 instantly lost my django session (which makes no sense). The next login
 attempt was a bust. Removing the bracket restores my session :P Great
 find.

 As for why Chrome users seem to report things far more than users of other
 browsers I leave up to the theologians. It was an uncanny red herring to
 this issue.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.e4c9f28ac24f15fe5ce8f8b4f2da4aeb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-03-23 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--

Comment (by prestontimmons):

 This may be a bug in Python 2.7.8. Django uses the standard library
 `Cookie` implementation, which introduced some problems in recent
 releases. For example, https://bugs.python.org/issue22931.

 Can you tell if another cookie is causing `Cookie.load()` to drop the
 csrftoken value during parsing?

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.70cc77b13f17fe02589629e8193c93a4%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-03-23 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--

Comment (by subsume):

 py 2.7.8  / dj 1.6.10

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.80eeb7c48dc969a8167670efbcd7b14a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-03-23 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--

Comment (by prestontimmons):

 Which version of Django and Python are you seeing this on?

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.ddd130d983143b81d670ca1fe00b7793%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-03-23 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--

Comment (by subsume):

 I was able to verify that the csrftoken in the form and the csrf cookie
 are both present and match before failure.

 I had the user delete the csrf cookie and retry and it issued a new one
 which failed.

 I was also able to take over a user's session normally by taking their
 cookie value and replacing my own locally with it. While their environment
 still failed, mine was able to use the site normally. (while they can
 maintain their session while the problem is happening, they can't submit
 csrf forms).

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.c0bf0c33c63ee40f7ba4bea5d48705fa%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-03-23 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--

Comment (by subsume):

 I'd love to be able to reproduce it, still just debugging over email with
 users (lots of them).

 The docs do say "Regardless, you’re guaranteed to have the cookie if the
 token is present in the DOM, so you should use the cookie!" is this true?
 If so, the error message "not set" seems errant.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.ebc50698180128adf576f638bb948115%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-03-23 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--

Comment (by timgraham):

 The way to help is by giving us steps so we can reproduce the error and
 debug it.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.0e3802ecc6f18276aa1e0f1970e1523f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-03-23 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--
Changes (by subsume):

 * status:  closed => new
 * resolution:  needsinfo =>


Comment:

 I'd love to provide any information needed. I am experiencing the same
 bug. To be clear, this started happening on a very large scale once I
 upgraded from 1.4.3 to 1.6.X.

 It also mirrors a situation that's happening here:
 http://stackoverflow.com/questions/10264437/django-forbidden-csrf-cookie-
 not-set

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.48c00a6fffd6f43e42da672f986274bc%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-02-05 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  closed
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:  needsinfo
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--
Changes (by timgraham):

 * status:  new => closed
 * resolution:   => needsinfo


Comment:

 I suggest to use our support channels to get help, rather than this ticket
 tracker. If this proves to be a bug in Django, we can reopen the ticket.
 Thanks.

 TicketClosingReasons/UseSupportChannels

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.04cee0538a1c3140a347f31bb8f764f8%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-02-04 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--

Comment (by jkapple):

 Replying to [comment:1 timgraham]:
 > Unless you can provide information otherwise, it seems like Chrome's
 cookies are getting corrupted or something. Not sure Django can do
 anything about this.

 It's happening on  a somewhat largish scale, as it's not limited to just
 my computer. Out of 100s of posts, 10-20 are getting this error. I can
 provide screenshots of developer tools stepping through a submit if that
 would be helpful. I'm open to any suggestions on how to track this down as
 it is becoming a bigger nuisance every day.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.52813770b7b5441a3dcd6e4cf3e4dcc7%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24280: CSRF cookie error only happening with Chrome.

2015-02-04 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  CSRF |  Version:  1.6
 Severity:  Release blocker  |   Resolution:
 Keywords:  CSRF, chrome | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--
Changes (by timgraham):

 * needs_better_patch:   => 0
 * needs_tests:   => 0
 * needs_docs:   => 0


Comment:

 Unless you can provide information otherwise, it seems like Chrome's
 cookies are getting corrupted or something. Not sure Django can do
 anything about this.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.2e0e05d8b4665701e47c91c4d0a68d5c%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

[Django] #24280: CSRF cookie error only happening with Chrome.

2015-02-04 Thread Django 
#24280: CSRF cookie error only happening with Chrome.
-+--
 Reporter:  jkapple  |  Owner:  nobody
 Type:  Bug  | Status:  new
Component:  CSRF |Version:  1.6
 Severity:  Release blocker  |   Keywords:  CSRF, chrome
 Triage Stage:  Unreviewed   |  Has patch:  0
Easy pickings:  0|  UI/UX:  0
-+--
 I have a site that is running Django 1.6.10. Recently some of our admins
 had trouble logging in and were getting the CSRF 403 error page. They had
 to delete all their cookies for the site to be able to login again. This
 led me to wonder if it was more widespread, since the CSRF error page
 doesn't get logged. I enabled logging and I'm seeing about 10% of posts
 having issues.

 My Settings.py looks like this:

 {{{
 TEMPLATE_CONTEXT_PROCESSORS = (
 'django.contrib.auth.context_processors.auth',
 'django.core.context_processors.debug',
 'django.core.context_processors.csrf',
 'django.core.context_processors.i18n',
 'django.core.context_processors.media',
 'django.core.context_processors.request',
 'django.core.context_processors.static',
 )

 MIDDLEWARE_CLASSES = (
 'debug_toolbar.middleware.DebugToolbarMiddleware',
 'django.middleware.cache.UpdateCacheMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.middleware.doc.XViewMiddleware',
 'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',

 'linaro_django_pagination.middleware.PaginationMiddleware',

 'django.middleware.cache.FetchFromCacheMiddleware',
 )
 }}}

 The views causing the issue are generic class based views with a comment
 post form. The form has {% csrf_token %} inside the form tags. The error
 that is getting triggered is REASON_NO_CSRF from the csrf middleware.


 {{{
 ,
 POST:,
 COOKIES:{'HIRO_COOKIE':
 'data=&newSession=false&id=REDACTEDĂ—tamp=1414023546237',
 'OX_plg': 'swf|shk|pm',
 'SS_ARE_Override.traceLevel': 'WARN',
 '__gads':
 'ID=b5f389086388b528:T=1413419752:S=ALNI_MaqCqguvaHWhG76FGjhHzPTieaGeA',
 '__qca': 'P0-2120806691-1413419758360',
 '__sonar': '749077714819215977',
 '_bsef2f5b6aaad756f2445ed7606b648325': '1',
 'acudeoSession.': '%7B%22time%22%3A1421376382060%2C%22adIndex%22%3A1%7D',
 'ebNewBandWidth_.www.REDACTED.com': 'REDACTED',
 'mlUserID': '9X8L0kMS8ypL',
 'targus.BirthYear': '',
 'targus.ap_seg': '',
 'targus.gender': '',
 'targus.matched': '1',
 'targus.segment': '000',
 'targus.zip': '',
 'vsl_userid': 'c4ee281a94b19b5cb09d83ee93e98f55'},

 META:{'CONTENT_LENGTH': '92',
 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
 u'CSRF_COOKIE': u'CV5Vh0mpa578LnKGK1Lfj6pRVB1cwc6E',
 'DOCUMENT_ROOT': '/usr/local/apache2/htdocs',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT':

 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;
 q=0.8',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'en,en-GB;q=0.8',
 'HTTP_CACHE_CONTROL': 'max-age=0',
 'HTTP_CONNECTION': 'close',
 }}}

 The odd thing, this just started happening and it only affects Chrome user
 agents. I can step through with Chrome developer tools and see the a
 csrftoken cookie is present, but randomly after submitting, the error
 REASON_NO_CSRF gets triggered in the middle ware.

 Doing the same exact thing in Firefox or Internet Explorer works fine. My
 Chrome install has no extensions running and is the latest 32 bit version.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/050.65b951fb44070a4dc9d0d24a1506e65b%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.