harvard-lil / h2o

H2O is a web app for creating and reading open educational resources, primarily in the legal field
https://opencasebook.org
GNU Affero General Public License v3.0

"Remove myself from this casebook" is missing CSRF token #1822

Closed lizadaly closed 1 year ago

lizadaly commented 1 year ago

Trying to remove oneself from a casebook from the casebook settings page does not work; the form is missing a CSRF token and any attempt returns a somewhat confusing error on the front end:

Login Request Failed Your attempt to log in failed. If you believe you reached this page in error, please [contact us]

This is because this is the template for any 403 status code response; the actual server response is:

 Forbidden (CSRF token missing or incorrect.): /casebooks/6106-business-ethics-and-the-legal-environment/settings/

and indeed the token is visibly missing from the page if you view source.
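A template-level check for the defect this issue describes, as an added example that is not part of the original issue or H2O's code. It assumes Django templates (the `Forbidden (CSRF token missing or incorrect.)` line is the message Django's CSRF middleware logs); the sample markup and the function name `forms_missing_csrf` are constructed for illustration.

```python
import re

# Each <form ...>...</form> element; DOTALL so the body may span lines.
FORM_RE = re.compile(r"<form\b(?P<attrs>[^>]*)>(?P<body>.*?)</form\s*>", re.I | re.S)
# The form's own method attribute (not data-method or similar).
METHOD_RE = re.compile(r"""(?<![\w-])method\s*=\s*["']?\s*(\w+)""", re.I)
# Either the Django template tag or the hidden field it renders.
CSRF_RE = re.compile(r"""\{%\s*csrf_token\s*%\}|name\s*=\s*["']csrfmiddlewaretoken["']""")


def forms_missing_csrf(template_text):
    """Return (line_number, opening_tag) for every POST form without a CSRF token."""
    findings = []
    for match in FORM_RE.finditer(template_text):
        method = METHOD_RE.search(match.group("attrs"))
        if not method or method.group(1).lower() != "post":
            continue  # HTML forms default to GET, which the middleware does not check
        if CSRF_RE.search(match.group("body")):
            continue  # token present inside this form
        line = template_text.count("\n", 0, match.start()) + 1
        findings.append((line, "<form" + match.group("attrs") + ">"))
    return findings


# Constructed sample: a settings page with one protected form, one POST form
# that lacks the token (the situation reported above), and one GET form.
SAMPLE_TEMPLATE = """\
<h2>Casebook settings</h2>
<form method="post" action="">
  {% csrf_token %}
  <input type="text" name="title">
  <button type="submit">Save</button>
</form>
<form method="POST" action="" class="remove-self">
  <input type="hidden" name="remove" value="1">
  <button type="submit">Remove myself from this casebook</button>
</form>
<form method="get" action="/search/">
  <input type="search" name="q">
</form>
"""

if __name__ == "__main__":
    for line, tag in forms_missing_csrf(SAMPLE_TEMPLATE):
        print(f"line {line}: POST form without CSRF token: {tag}")
```

Run over a project's template directory in CI, a check like this flags a tokenless POST form before users hit the 403. It is a regex heuristic, so forms built by JavaScript or with a `>` inside a template tag in the opening `<form>` tag need a manual look.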

lizadaly commented 1 year ago

Since this has maybe never worked, we might want to consider just removing the feature?