Re: [Snowy] OAuth - CSRF verification failed

From: Eric Kerby <eric epkphoto com>
To: Snowy List <snowy-list gnome org>
Subject: Re: [Snowy] OAuth - CSRF verification failed
Date: Sun, 28 Mar 2010 01:24:47 -0400

Here's some more info:

Tomboy versions tried - 1.1.4 (Mac OS X) and 1.0.0 (Ubuntu 9.10)

Snowy deployment
    Django (tried both subversion checkout of trunk and 1.1.1 via apt-get)

Deployed under Apache with mod-python and run with built inwebserver with same results

    Snowy head version checked out via git
    Used both MySQL and SQLite databases with same results

Contents of http://10.2.3.189:8000/api/1.0
{

"oauth_access_token_url":"http://10.2.3.189:8000/oauth/access_token/";,

    "api-version": "1.0",

"oauth_request_token_url":"http://10.2.3.189:8000/oauth/request_token/";,

    "oauth_authorize_url": "http://10.2.3.189:8000/oauth/authenticate/";
}

I have been testing this in a VirtualBox VM as well as in an OpenVZcontainer...both of which act normally otherwise. The Django install inthe OpenVZ container also works well for other non-snowy Django sites.

For the sqlite instance, the local_settings.py file was unchanged fromthe git version.


Site configured in snowy/django admin:
    Domain name: 10.2.3.189:8000
    Display name: Eric's Notes

(if I change the server to run on 127.0.0.1:8000, it works...no dice on10.2.3.189, though the web frontend still works)


Anything else you all think might be useful?

-Eric


On 3/27/10 6:48 PM, Benoit Garret wrote:

Hi Eric,

What you report is strange, CSRF seems to be explicitly disabled in
the Snowy API. COuld you post some more information about your setup
(Tomboy version, Snowy deployment method, contents of
http://yourhostname/api/1.0, and generally anything you think could be
useful)?

Benoît



On Sat, Mar 27, 2010 at 5:28 PM, Eric Kerby<eric epkphoto com>  wrote:

I'm quite excited about using snowy to synchronize notes.  Unfortunately, I
have been having a bit of trouble getting everything working.

I'm using Ubuntu and have tried both Django trunk and Django version 1.1.1
with the same results.  When I set up snowy on the same host as the Tomboy
client, it works great.  Notes synchronize, and all seems well.

When I then start the snowy server bound to an IP accessible outside of that
box (ie, not 127.0.0.1), change the domain of the site in the snowy admin to
either the IP address or hostname (plus :8000) and try to synchronize from a
separate computer, the following happens when I click "Connect to server" in
Tomboy:

HTTP requests:
    [27/Mar/2010 12:25:14] "GET /api/1.0 HTTP/1.1" 301 0
    [27/Mar/2010 12:25:14] "GET /api/1.0/ HTTP/1.0" 200 258
    [27/Mar/2010 12:25:14] "POST /oauth/request_token/ HTTP/1.0" 403 1654
That last one (POST /oauth/request_token/) returns a 403 error and if I
perform a tcpdump, I can see that in the 403 packet that is returned, django
complains that the "CSRF verification failed".  It also says "No CSRF or
session cookie".

Any ideas?  I'm going to delve into the code and see if I can discover
anything, but I'm no Django expert...

Thanks,
Eric
_______________________________________________
Snowy-list mailing list
Snowy-list gnome org
http://mail.gnome.org/mailman/listinfo/snowy-list

Follow-Ups:
- Re: [Snowy] OAuth - CSRF verification failed
  - From: Sandy Armstrong

References:
- [Snowy] OAuth - CSRF verification failed
  - From: Eric Kerby
- Re: [Snowy] OAuth - CSRF verification failed
  - From: Benoit Garret

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]