4452: Submitting the "Groups" account preferences form results in a CSRF error
- Fixed
- Review Board
satish3_singh | |
What version are you running?
Review board 2.0.12
What's the URL of the page containing the problem?
https://reviewboard.xyz.com/account/preferences/#groups
What steps will reproduce the problem?
- GO to https://reviewboard.xyz.com/account/preferences/#groups
And use the search (under the word group)
And then hit enter/return
you’ll get a 403 Forbidden page because of a CSRF Verification Failure
What is the expected output? What do you see instead?
What operating system are you using? What browser?
On all the browsers.
Please provide any additional information below.
Thanks for reporting this. I am able to confirm this happens on
release-2.0.12
.
-
- New + Confirmed -
+ Component:Accounts
There's a patch for this up at https://reviews.reviewboard.org/r/8335/.
The issue is that the groups form does not need to be submitted, as its contents update automatically based on the input field.
-
- Confirmed + PendingReview
-
- 403 Forbidden page because of a CSRF Verification Failure + Submitting the "Groups" account preferences form results in a CSRF error