Closed stevejalim closed 2 months ago
Frustratingly, I can't repro this locally, or on prod (where I was able to send a test report). But at least I was able to send a report on prod
Notes:
there are nine entries in Sentry regarding this at time of writing. All nine are for complaints that don't look valid (complaining about www.firefox.com itself, for instance).
According to the traceback, the CsrfViewMiddleware
complained, which is odd as that is only enabled when we're in CMS mode, which isn't currently the state in production...
Can't reproduce, but it looks like the actual CSRF protection is indeed protecting, albeit with a non-ideal message
https://mozilla.sentry.io/issues/5474372266
Two things here
1) /en-US/about/legal/defend-mozilla-trademarks/ is 500ing because there's no
user
attribute on the HttpRequest (and we shouldn't expect one because most of Bedrock should be accessed without sessions - only CMS/editing pods will have sessions)2) Why are we getting a CSRF warning there anyway?