stevejalim
commented
2 months ago Frustratingly, I can't repro this locally, or on prod (where I was able to send a test report). But at least I was able to send a report on prod
Closed stevejalim closed 2 months ago
stevejalim
commented
2 months ago Frustratingly, I can't repro this locally, or on prod (where I was able to send a test report). But at least I was able to send a report on prod
stevejalim
commented
2 months ago Notes:
there are nine entries in Sentry regarding this at time of writing. All nine are for complaints that don't look valid (complaining about www.firefox.com itself, for instance).
According to the traceback, the CsrfViewMiddleware complained, which is odd as that is only enabled when we're in CMS mode, which isn't currently the state in production...
stevejalim
commented
2 months ago Can't reproduce, but it looks like the actual CSRF protection is indeed protecting, albeit with a non-ideal message
https://mozilla.sentry.io/issues/5474372266
Two things here
1) /en-US/about/legal/defend-mozilla-trademarks/ is 500ing because there's no
userattribute on the HttpRequest (and we shouldn't expect one because most of Bedrock should be accessed without sessions - only CMS/editing pods will have sessions)2) Why are we getting a CSRF warning there anyway?