Re: [Snowy] OAuth - CSRF verification failed

Here's some more info:

Tomboy versions tried - 1.1.4 (Mac OS X) and 1.0.0 (Ubuntu 9.10)

Snowy deployment
    Django (tried both subversion checkout of trunk and 1.1.1 via apt-get)
Deployed under Apache with mod-python and run with built in webserver with same results
    Snowy head version checked out via git
    Used both MySQL and SQLite databases with same results

Contents of
"oauth_access_token_url": "";,
    "api-version": "1.0",
"oauth_request_token_url": "";,
    "oauth_authorize_url": "";

I have been testing this in a VirtualBox VM as well as in an OpenVZ container...both of which act normally otherwise. The Django install in the OpenVZ container also works well for other non-snowy Django sites.

For the sqlite instance, the file was unchanged from the git version.

Site configured in snowy/django admin:
    Domain name:
    Display name: Eric's Notes
(if I change the server to run on, it dice on, though the web frontend still works)

Anything else you all think might be useful?


On 3/27/10 6:48 PM, Benoit Garret wrote:
Hi Eric,

What you report is strange, CSRF seems to be explicitly disabled in
the Snowy API. COuld you post some more information about your setup
(Tomboy version, Snowy deployment method, contents of
http://yourhostname/api/1.0, and generally anything you think could be


On Sat, Mar 27, 2010 at 5:28 PM, Eric Kerby<eric epkphoto com>  wrote:
I'm quite excited about using snowy to synchronize notes.  Unfortunately, I
have been having a bit of trouble getting everything working.

I'm using Ubuntu and have tried both Django trunk and Django version 1.1.1
with the same results.  When I set up snowy on the same host as the Tomboy
client, it works great.  Notes synchronize, and all seems well.

When I then start the snowy server bound to an IP accessible outside of that
box (ie, not, change the domain of the site in the snowy admin to
either the IP address or hostname (plus :8000) and try to synchronize from a
separate computer, the following happens when I click "Connect to server" in

HTTP requests:
    [27/Mar/2010 12:25:14] "GET /api/1.0 HTTP/1.1" 301 0
    [27/Mar/2010 12:25:14] "GET /api/1.0/ HTTP/1.0" 200 258
    [27/Mar/2010 12:25:14] "POST /oauth/request_token/ HTTP/1.0" 403 1654
That last one (POST /oauth/request_token/) returns a 403 error and if I
perform a tcpdump, I can see that in the 403 packet that is returned, django
complains that the "CSRF verification failed".  It also says "No CSRF or
session cookie".

Any ideas?  I'm going to delve into the code and see if I can discover
anything, but I'm no Django expert...

Snowy-list mailing list
Snowy-list gnome org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]