c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 697007] Re: HTTPError: (403, 'Request Forbidden -- You are not allowed to access this resource.')

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "Wolfgang Taferner \[TaPo-IT\]" <697007@xxxxxxxxxxxxxxxxxx>
Date: Tue, 04 Jan 2011 15:47:17 -0000
Reply-to: Bug 697007 <697007@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

@Open Net Sàrl / Antony

Well, commenting or removing "prevent_csrf" will do the trick and enable
you to login again, but as Antony Lesuisse is pointing out...the host
does not fit the referer which is imho very restrictive by default. So,
is it a bug or a feature? ;-) Anyway, should be enough info to be able
to enjoy the RC 2 Webclient :-)

The firefox bug header manipulation refers to another problem occuring
in the webclient. It was just my quick and dirty work around to get the
client running.

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/697007

Title:
  HTTPError: (403, 'Request Forbidden -- You are not allowed to access this resource.')

Status in OpenObject Web Client:
  Confirmed

Bug description:
  openerp-web raises the following traceback after being upgraded with latest RC2 commits:


403 Forbidden
Request Forbidden -- You are not allowed to access this resource.

Traceback (most recent call last):
  File "/usr/local/lib/python2.6/dist-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/_cprequest.py", line 606, in respond
    cherrypy.response.body = self.handler()
  File "/usr/local/lib/python2.6/dist-packages/CherryPy-3.1.2-py2.6.egg/cherrypy/_cpdispatch.py", line 25, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/local/lib/python2.6/dist-packages/openerp_web-6.0.0_rc1-py2.6.egg/openobject/tools/_expose.py", line 191, in func_wrapper
    res = func(*args, **kw)
  File "/usr/local/lib/python2.6/dist-packages/openerp_web-6.0.0_rc1-py2.6.egg/openobject/controllers/_root.py", line 75, in default
    self.prevent_csrf(request)
  File "/usr/local/lib/python2.6/dist-packages/openerp_web-6.0.0_rc1-py2.6.egg/openobject/controllers/_root.py", line 51, in prevent_csrf
    raise cherrypy.HTTPError(403, "Request Forbidden -- You are not allowed to access this resource.")
HTTPError: (403, 'Request Forbidden -- You are not allowed to access this resource.')

References

[Bug 697007] [NEW] HTTPError: (403, 'Request Forbidden -- You are not allowed to access this resource.')
From: Inaki Fernandez - OpenERPappliance.com, 2011-01-03