[[!comment format=mdwn
 username="http://joeyh.name/"
 ip="64.134.31.139"
 subject="comment 7"
 date="2013-10-14T16:18:01Z"
 content="""
I just ran into this problem myself. Some investigating shows it is a problem with Yesod's XSRF token. Apparently yesod is not seeing the _token, or is seeing one it does not like. However, I verified in chromium inspector that the form post was including the token with the same value used on the page. Also, it would intermittently accept the form, if I kept posting it over and over again.

It seems this must be a bug in yesod, or on something with how I'm using yesod, or possibly in deeper layers like WAI not seeing the form post include the token, but I have not been able to figure out what. As a workaround, since git-annex webapp does its own authentication and only listens to localhost, and so does not actually need XSRF protection, I am going to change it to bypass that.
"""]]