collective / collective.documentviewer

https://pypi.org/project/collective.documentviewer
plone.protect error while adding an annotation to the document in the viewer #58

Open pabo3000 opened 8 years ago

pabo3000 commented 8 years ago

This error is only visible when running your instance in foreground. And after typing c into the pdb it works. (Plone 5)

2015-11-21 02:17:14 ERROR plone.protect Error checking for CSRF. Transaction will be aborted since the request is now unsafe:
Traceback (most recent call last):
  File "/home/pab/.buildout/eggs/plone.protect-3.0.9-py2.7.egg/plone/protect/auto.py", line 148, in check
    return self._check()
  File "/home/pab/.buildout/eggs/plone.protect-3.0.9-py2.7.egg/plone/protect/auto.py", line 170, in _check
    check(self.request, manager=self.key_manager)
  File "/home/pab/.buildout/eggs/plone.protect-3.0.9-py2.7.egg/plone/protect/authenticator.py", line 113, in check
    raise Forbidden('Form authenticator is invalid.')
Forbidden: Form authenticator is invalid.

vangheem commented 8 years ago

Not sure what you're talking about. There is no pdb statement in the code.

Are you using the latest version? The authenticator should be getting added to the code.

pabo3000 commented 8 years ago

I use Products.PDBDebugMode (sorry, forgot to mention) and run the instance in foreground. If I try to add a text annotation in the docviewer, then a "Forbidden" is raised. The other available actions in the viewer have the same issue (Manage sections, delete section, ...). If the authenticator is regarded as invalid although the action is processed, then that might be a security issue.