Ticket #95 (accepted enhancement)

Opened 3 years ago

Last modified 3 years ago

Better handling of Cross Site Request Forgery Error

Reported by: philip.zander@…
Owned by: dark
Priority: major
Milestone:
Component: Frontend
Version: beta9
Keywords:
Cc:

Description

I just tried to register by using the invite code "lqfb" as described on the front page. However, after I pressed the "Register"-button, I only got the following error report:

../env/request/set_csrf_secret.lua:15: Cross-Site Request Forgery attempt detected

Stack trace follows:
[C]: in function 'error'
../env/request/set_csrf_secret.lua:15: in function 'set_csrf_secret'
...feedback_testing/app/app/main/_filter/20_session.lua:9: in function 'func'
../env/execute/file_path.lua:24: in function 'file_path'
../env/execute/_add_filters_by_path.lua:17: in function 'wrapper_func'
../env/execute/wrapped.lua:21: in function <../env/execute/wrapped.lua:11>
(tail call): ?
../env/execute/multi_wrapped.lua:18: in function 'inner_func'
../env/execute/inner.lua:19: in function 'inner'
...sting/app/app/main/_filter_action/10_transaction.lua:3: in function 'func'
../env/execute/file_path.lua:24: in function 'file_path'
../env/execute/_add_filters_by_path.lua:17: in function 'wrapper_func'
../env/execute/wrapped.lua:21: in function <../env/execute/wrapped.lua:11>
(tail call): ?
(tail call): ?
../env/execute/filtered_action.lua:32: in function 'filtered_action'
...feedback_testing/webmcp/framework/cgi-bin/webmcp.lua:288: in function <...feedback_testing/webmcp/framework/cgi-bin/webmcp.lua:231>
[C]: in function 'xpcall'
...feedback_testing/webmcp/framework/cgi-bin/webmcp.lua:230: in main chunk
[C]: ?
TRACE

    * Configuration "testing"
        o Configuration "default"
    * REQUESTED ACTION: index/register
    * /main/_filter_action/10_transaction.lua
        o BEGIN;;
        o /main/_filter/20_session.lua
            + INSERT INTO "session" ("additional_secret", "ident") VALUES ('YUcaCvDu8nHj1aTBFVfVhZwtaE5w1qtr', 'nUGrW4bes2A1J72FJYa27VGsqzIOHCbA') RETURNING ("ident");
            + UNEXPECTED ERROR
    * Finished after 24.8 ms (10.0 ms CPU)

Change History

comment:1 Changed 3 years ago by mail@…

Well,... I tried the same with your test instance but can't even open the registration page. The server infinitely answers with 303 "See Other" HTTP Redirections.

comment:2 Changed 3 years ago by jhlf@…

I get the same error on https://piraten-feedback.de/th/ using Konqueror (3.5). Works with Firefox (3.5).

../env/request/set_csrf_secret.lua:15: Cross-Site Request Forgery attempt detected
Stack trace follows:
 [C]: in function 'error'
 ../env/request/set_csrf_secret.lua:15: in function 'set_csrf_secret'
 ...quid_feedback/webapp/app/main/_filter/20_session.lua:12: in function 'func'
 ../env/execute/file_path.lua:24: in function 'file_path'
 ../env/execute/_add_filters_by_path.lua:17: in function 'wrapper_func'
 ../env/execute/wrapped.lua:21: in function <../env/execute/wrapped.lua:11>
 (tail call): ?
 ../env/execute/multi_wrapped.lua:18: in function 'inner_func'
 ../env/execute/inner.lua:19: in function 'inner'
 ...ck/webapp/app/main/_filter_action/10_transaction.lua:3: in function 'func'
 ...
 ../env/execute/wrapped.lua:21: in function <../env/execute/wrapped.lua:11>
 (tail call): ?
 (tail call): ?
 ../env/execute/filtered_action.lua:32: in function 'filtered_action'
 webmcp.lua:288: in function <webmcp.lua:231>
 [C]: in function 'xpcall'
 webmcp.lua:230: in main chunk
 [C]: in function 'pcall'
 ...feedback/webmcp/framework/cgi-bin/webmcp-wrapper.lua:7: in main chunk
 [C]: ?

comment:3 Changed 3 years ago by pirat@…

I got the same error when I tried to register to LiquidFeedback.

comment:4 Changed 3 years ago by dark

  • Owner set to dark
  • Status changed from new to accepted

comment:5 Changed 3 years ago by dark

  • Type changed from defect to enhancement
  • Summary changed from "Error when trying to register." to "Better handling of Cross Site Request Forgery Error"