blob: b6df85923b26917e136c142f97fb09a5e52ff52e (
plain)
1
2
3
4
5
6
7
8
9
10
|
[[!comment format=mdwn
username="http://joeyh.name/"
ip="64.134.31.139"
subject="comment 7"
date="2013-10-14T16:18:01Z"
content="""
I just ran into this problem myself. Some investigating shows it is a problem with Yesod's XSRF token. Apparently yesod is not seeing the _token, or is seeing one it does not like. However, I verified in chromium inspector that the form post was including the token with the same value used on the page. Also, it would intermittently accept the form, if I kept posting it over and over again.
It seems this must be a bug in yesod, or on something with how I'm using yesod, or possibly in deeper layers like WAI not seeing the form post include the token, but I have not been able to figure out what. As a workaround, since git-annex webapp does its own authentication and only listens to localhost, and so does not actually need XSRF protection, I am going to change it to bypass that.
"""]]
|