4452: Submitting the "Groups" account preferences form results in a CSRF error

satish3_singh 
What version are you running?


Review board 2.0.12


What's the URL of the page containing the problem?


https://reviewboard.xyz.com/account/preferences/#groups






What steps will reproduce the problem?


    

  1. GO to https://reviewboard.xyz.com/account/preferences/#groups
    2. 



And use the search (under the word group)


And then hit enter/return


you’ll get a 403 Forbidden page because of a CSRF Verification Failure








What is the expected output? What do you see instead?




What operating system are you using? What browser?


On all the browsers.




Please provide any additional information below.
brennie
#1 brennie 
Thanks for reporting this. I am able to confirm this happens on release-2.0.12.
  • -New
    +Confirmed
  • +Component:Accounts
brennie
#2 brennie 
There's a patch for this up at https://reviews.reviewboard.org/r/8335/.


The issue is that the groups form does not need to be submitted, as its contents update automatically based on the input field.
  • -Confirmed
    +PendingReview
brennie
#3 brennie
  • -403 Forbidden page because of a CSRF Verification Failure
    +Submitting the "Groups" account preferences form results in a CSRF error
brennie
#4 brennie 
This has landed as commit e922db6b413a4437c6db78cebcc4f6538560b914. It will be included in all future releases.
  • -PendingReview
    +Fixed