Affiliation
Royal Astronomical Society of New Zealand, Variable Star Section (RASNZ-VSS)
Thu, 08/06/2015 - 08:10
Hi Will
I was using the new VSP fine. But this morning when I went to downoad a chart, I got the message shown below. I haven't changed anything on my Mac. I haven't turned off cookies and I even checked to see it's still turned on. The funny thing is that it was working and now it's not.
Does anyone else have this problem?
Thanks
Stephen [HSP]
Forbidden (403)
CSRF verification failed. Request aborted.
You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.
/Gustav Holmberg, HGUA
Yes.
/Gustav Holmberg, HGUA
It works with Chrome but not with Safari (my regular browser) nor with Firefox.
Stephen [HSP]
Hi,
I can also reproduce this on Windows: with Firefox 39.0 I get the 403 code, also with IE 10.
With Chrome (Version 44.0.2403.125 m) everything works fine. Same for Opera.
Something to be noted: the web APIs don't seem to be affected by this (tested them on IE10, Chrome and Opera); this one seems to be related strictly to the VSP form and some browsers.
Regards,
Alex.
Me too. The phrase "if it ain't broke, don't fix it" springs to mind!
This is a difficult one; this issue isn't affecting everybody and I'm not sure what exactly is causing some people to see it.
Try clearing your browser cache (instructions here: http://www.refreshyourcache.com/) and let me know if that fixes it for you.
Thanks, Will. I have cleared the cache in both Safari and Firefox and still I get the above error message.
Is there anyone out there who can download maps in Safari or Firefox on a Mac?
Chrome and Opera both work.
Thanks
Stephen [HSP]
Hi,
I think I figured it out: each time I got this error, it was due to accessing VSP as http://aavso.org.vsp
When accessing the form from https://aavso.org/vsp, everything went fine.
The cause is that the VSP form targets https://www.aavso.org/apps/vsp/chart/?fov=.... ....type=chart, and on some browsers, changing either the protocol (http vs. https) or the host part of the URL will be flagged as a cross site forgery attack. Other browsers will flag a potential attack onlyif the host or port part of the URL changes. In our particular case, Firefox and Safary interpreted that a form accessed via http should not target a page using https.
Bottom line, when everything in the site will use the same protocol (https I think), then everything will work just fine. Until then, I think it's safe to just update our bookmarks to use https.
Alex.
--- edited ---
Corrected typo (aavso.org/vsp, not aavso.org.vsp - thanks Stephen)
Thank you, Herr_Allen.
It now works.
One small typo, I believe -- https://aavso.org/vsp rather than https://aavso.org.vsp
Now I am happy as I use VSP a lot.
Kindest regards
Stephen [HSP]
Alexandru's idea also works for me. https:// is OK, http:// is not OK using Firefox 38.0.5 on Mac OS X 10.10.3
Cheers,
/Gustav
Thanks for getting to the bottom of this, Alex! Fortunately we'll be moving to only using https: urls in the near future; at that point all http: urls will redirect to https so people won't run into this problem anymore.
Disregard. User error. (wish there was a way to delete a post)