Closed rknall closed 5 months ago
Sorry, can't reproduce at all – CSRF verification should not depend on the type of data sent; more on some token expiring or the like. If logging out and logging in again / hard refresh / different browser doesn't solve the problem, I'd probably need to see some server logs.
It is a persistent issue. Which kind of log would you like to see? We are currently having some issues / fun with our Ansible/Docker environment to add the Django_debug settings; would those suffice?
Honestly, I don't know what kinds of logs would help. Both the development setup and pretalx.com have no issues with image uploads, so it's highly likely that there's something off with your setup, and that this is not a pretalx bug. Have you made sure to forward/set all the headers listed in the documentation?
Yes, we have. The last thing we are checking right now is whether the Cloudflare instance interferes with it. That might still be an issue. Good to know, though, that it did not happen in the past on your end; it helps narrow down the issue further.
Problem and impact
When a user has submitted a talk on https://conference.wireshark.org/sharkfest-24-eu/ and tries to upload an image for this speaker profile (it does not matter if he does it during submission or afterwards), we get a CSRF issue (error 403). The same happens when the issue is triggered through the admin site.
Expected behaviour
The behavior would be to upload the image without any issues. The image was neither too big nor wrongly formatted.
Steps to reproduce
Screenshots
Link
https://conference.wireshark.org/sharkfest-24-eu/
Browser (software, desktop or mobile?) and version
Safari / Chrome
Operating system, dependency versions
No response
Version
v2023.2.0.dev0