Re: [Snowy] OAuth - CSRF verification failed
- From: Sandy Armstrong <sanfordarmstrong gmail com>
- To: Eric Kerby <eric epkphoto com>
- Cc: Snowy List <snowy-list gnome org>
- Subject: Re: [Snowy] OAuth - CSRF verification failed
- Date: Sun, 28 Mar 2010 10:54:23 -0700
This seems quite strange. I'm looking at the commit where Leon made
our API resources CSRF-exempt:

http://git.gnome.org/browse/snowy/commit/?id=93b27ce1308822ad8e66e94d21d485787241dd16

But Eric is receiving a failure when requesting a token, not when
accessing an API URL. I wonder if some similar fix is required for the
OAuth-related URLs? But I'm not sure what.

This is probably not related, but Eric, have you double-checked that
you have anyone/anyone set as the consumer key/secret? And also, can
you verify that you really are using the absolute latest version of
snowy from git?

Thanks,
Sandy

On Sat, Mar 27, 2010 at 10:24 PM, Eric Kerby <eric epkphoto com> wrote:
> Here's some more info:
>
> Tomboy versions tried - 1.1.4 (Mac OS X) and 1.0.0 (Ubuntu 9.10)
>
> Snowy deployment
> Django (tried both subversion checkout of trunk and 1.1.1 via apt-get)
> Deployed under Apache with mod-python and run with built in webserver
> with same results
> Snowy head version checked out via git
> Used both MySQL and SQLite databases with same results
>
> Contents of http://10.2.3.189:8000/api/1.0
> {
> "oauth_access_token_url": "http://10.2.3.189:8000/oauth/access_token/",
> "api-version": "1.0",
> "oauth_request_token_url": "http://10.2.3.189:8000/oauth/request_token/",
> "oauth_authorize_url": "http://10.2.3.189:8000/oauth/authenticate/"
> }
>
> I have been testing this in a VirtualBox VM as well as in an OpenVZ
> container...both of which act normally otherwise. The Django install in the
> OpenVZ container also works well for other non-snowy Django sites.
>
> For the sqlite instance, the local_settings.py file was unchanged from the
> git version.
>
> Site configured in snowy/django admin:
> Domain name: 10.2.3.189:8000
> Display name: Eric's Notes
> (if I change the server to run on 127.0.0.1:8000, it works...no dice on
> 10.2.3.189, though the web frontend still works)
>
> Anything else you all think might be useful?
>
> -Eric
>
>
> On 3/27/10 6:48 PM, Benoit Garret wrote:
>>
>> Hi Eric,
>>
>> What you report is strange, CSRF seems to be explicitly disabled in
>> the Snowy API. Could you post some more information about your setup
>> (Tomboy version, Snowy deployment method, contents of
>> http://yourhostname/api/1.0, and generally anything you think could be
>> useful)?
>>
>> Benoît
>>
>>
>>
>> On Sat, Mar 27, 2010 at 5:28 PM, Eric Kerby <eric epkphoto com> wrote:
>>
>>>
>>> I'm quite excited about using snowy to synchronize notes. Unfortunately, I
>>> have been having a bit of trouble getting everything working.
>>>
>>> I'm using Ubuntu and have tried both Django trunk and Django version 1.1.1
>>> with the same results. When I set up snowy on the same host as the Tomboy
>>> client, it works great. Notes synchronize, and all seems well.
>>>
>>> When I then start the snowy server bound to an IP accessible outside of that
>>> box (ie, not 127.0.0.1), change the domain of the site in the snowy admin to
>>> either the IP address or hostname (plus :8000) and try to synchronize from a
>>> separate computer, the following happens when I click "Connect to server" in
>>> Tomboy:
>>>
>>> HTTP requests:
>>> [27/Mar/2010 12:25:14] "GET /api/1.0 HTTP/1.1" 301 0
>>> [27/Mar/2010 12:25:14] "GET /api/1.0/ HTTP/1.0" 200 258
>>> [27/Mar/2010 12:25:14] "POST /oauth/request_token/ HTTP/1.0" 403 1654
>>>
>>> That last one (POST /oauth/request_token/) returns a 403 error and if I
>>> perform a tcpdump, I can see that in the 403 packet that is returned, django
>>> complains that the "CSRF verification failed". It also says "No CSRF or
>>> session cookie".
>>>
>>> Any ideas? I'm going to delve into the code and see if I can discover
>>> anything, but I'm no Django expert...
>>>
>>> Thanks,
>>> Eric
>>> _______________________________________________
>>> Snowy-list mailing list
>>> Snowy-list gnome org
>>> http://mail.gnome.org/mailman/listinfo/snowy-list
>>>
>>>
>>>