← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #63908

[Bug 1690387] [NEW] instance delete fails with: 403 Forbidden - CSRF verification failed

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Behavior is that an instance deletion from /project/instances is
failing.

The error returned is: 403 Forbidden - CSRF verification failed

This was noted in #openstack-horizon by zigo on 2017-05-12.

OpenStack Release was stated to be Newton, on Debian.

Below are the steps to reproduce from the original bug report.

The information is pulled from (replicated) Debian bugs:

- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862387

----

Instance delete fails when I access:

  http://os-ctrl/horizon/project/instances/

and select "Delete Instance" from the list of actions with
the error:

  Forbidden (403)
  CSRF verification failed. Request aborted.

  Help
  Reason given for failure:
    CSRF token missing or incorrect.

while I see the csrftoken being sent in the request:

  csrftoken: tMhcr99nId798AXdULs8dUjuEHemALp0ONGCa4Y8ahpIuckFFqxexCuD13uR5ATy
        
Apache error.log just reports the same thing:

  Forbidden (CSRF token missing or incorrect.):
/horizon/project/instances/, referer: http://os-
ctrl/horizon/project/instances/

Deleting the instance works if I enter the instance first:

  http://os-ctrl/horizon/project/instances/6a167f8a-f0c6-440a-
a1c1-c0063058d5c4/

and than select "Delete Instance" from the list of actions.

The same issue exists when deleting volumes from:

  http://os-ctrl/horizon/project/volumes/


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openstack-dashboard depends on:
ii  adduser                3.115
ii  libjs-jquery           3.1.1-2
ii  libjs-jquery-cookie    11-3
ii  python-django-horizon  3:10.0.1-1
pn  python:any             <none>

openstack-dashboard recommends no packages.

Versions of packages openstack-dashboard suggests:
ii  memcached                   1.4.33-1
ii  openstack-dashboard-apache  3:10.0.1-1

-- no debconf information

** Affects: horizon
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1690387

Title:
  instance delete fails with: 403 Forbidden - CSRF verification failed

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Behavior is that an instance deletion from /project/instances is
  failing.

  The error returned is: 403 Forbidden - CSRF verification failed

  This was noted in #openstack-horizon by zigo on 2017-05-12.

  OpenStack Release was stated to be Newton, on Debian.

  Below are the steps to reproduce from the original bug report.

  The information is pulled from (replicated) Debian bugs:

  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862387

  ----

  Instance delete fails when I access:

    http://os-ctrl/horizon/project/instances/

  and select "Delete Instance" from the list of actions with
  the error:

    Forbidden (403)
    CSRF verification failed. Request aborted.

    Help
    Reason given for failure:
      CSRF token missing or incorrect.

  while I see the csrftoken being sent in the request:

    csrftoken: tMhcr99nId798AXdULs8dUjuEHemALp0ONGCa4Y8ahpIuckFFqxexCuD13uR5ATy
          
  Apache error.log just reports the same thing:

    Forbidden (CSRF token missing or incorrect.):
  /horizon/project/instances/, referer: http://os-
  ctrl/horizon/project/instances/

  Deleting the instance works if I enter the instance first:

    http://os-ctrl/horizon/project/instances/6a167f8a-f0c6-440a-
  a1c1-c0063058d5c4/

  and than select "Delete Instance" from the list of actions.

  The same issue exists when deleting volumes from:

    http://os-ctrl/horizon/project/volumes/

  
  -- System Information:
  Debian Release: 9.0
    APT prefers testing
    APT policy: (500, 'testing')
  Architecture: amd64
   (x86_64)

  Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
  Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
  Shell: /bin/sh linked to /bin/dash
  Init: systemd (via /run/systemd/system)

  Versions of packages openstack-dashboard depends on:
  ii  adduser                3.115
  ii  libjs-jquery           3.1.1-2
  ii  libjs-jquery-cookie    11-3
  ii  python-django-horizon  3:10.0.1-1
  pn  python:any             <none>

  openstack-dashboard recommends no packages.

  Versions of packages openstack-dashboard suggests:
  ii  memcached                   1.4.33-1
  ii  openstack-dashboard-apache  3:10.0.1-1

  -- no debconf information

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1690387/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next