Re: [Snowy] OAuth - CSRF verification failed



Hi Eric,

What you report is strange, CSRF seems to be explicitly disabled in
the Snowy API. COuld you post some more information about your setup
(Tomboy version, Snowy deployment method, contents of
http://yourhostname/api/1.0, and generally anything you think could be
useful)?

Benoît



On Sat, Mar 27, 2010 at 5:28 PM, Eric Kerby <eric epkphoto com> wrote:
> I'm quite excited about using snowy to synchronize notes.  Unfortunately, I
> have been having a bit of trouble getting everything working.
>
> I'm using Ubuntu and have tried both Django trunk and Django version 1.1.1
> with the same results.  When I set up snowy on the same host as the Tomboy
> client, it works great.  Notes synchronize, and all seems well.
>
> When I then start the snowy server bound to an IP accessible outside of that
> box (ie, not 127.0.0.1), change the domain of the site in the snowy admin to
> either the IP address or hostname (plus :8000) and try to synchronize from a
> separate computer, the following happens when I click "Connect to server" in
> Tomboy:
>
> HTTP requests:
>    [27/Mar/2010 12:25:14] "GET /api/1.0 HTTP/1.1" 301 0
>    [27/Mar/2010 12:25:14] "GET /api/1.0/ HTTP/1.0" 200 258
>    [27/Mar/2010 12:25:14] "POST /oauth/request_token/ HTTP/1.0" 403 1654
> That last one (POST /oauth/request_token/) returns a 403 error and if I
> perform a tcpdump, I can see that in the 403 packet that is returned, django
> complains that the "CSRF verification failed".  It also says "No CSRF or
> session cookie".
>
> Any ideas?  I'm going to delve into the code and see if I can discover
> anything, but I'm no Django expert...
>
> Thanks,
> Eric
> _______________________________________________
> Snowy-list mailing list
> Snowy-list gnome org
> http://mail.gnome.org/mailman/listinfo/snowy-list
>
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]