← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1690387] Re: instance delete fails with: 403 Forbidden - CSRF verification failed

 

Fixed by https://review.openstack.org/#/c/476147/

** Changed in: horizon
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1690387

Title:
  instance delete fails with: 403 Forbidden - CSRF verification failed

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  Behavior is that an instance deletion from /project/instances is
  failing.

  The error returned is: 403 Forbidden - CSRF verification failed

  This was noted in #openstack-horizon by zigo on 2017-05-12.

  OpenStack Release was stated to be Newton, on Debian.

  Below are the steps to reproduce from the original bug report.

  The information is pulled from (replicated) Debian bugs:

  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862387

  ----

  Instance delete fails when I access:

    http://os-ctrl/horizon/project/instances/

  and select "Delete Instance" from the list of actions with
  the error:

    Forbidden (403)
    CSRF verification failed. Request aborted.

    Help
    Reason given for failure:
      CSRF token missing or incorrect.

  while I see the csrftoken being sent in the request:

    csrftoken: tMhcr99nId798AXdULs8dUjuEHemALp0ONGCa4Y8ahpIuckFFqxexCuD13uR5ATy
          
  Apache error.log just reports the same thing:

    Forbidden (CSRF token missing or incorrect.):
  /horizon/project/instances/, referer: http://os-
  ctrl/horizon/project/instances/

  Deleting the instance works if I enter the instance first:

    http://os-ctrl/horizon/project/instances/6a167f8a-f0c6-440a-
  a1c1-c0063058d5c4/

  and than select "Delete Instance" from the list of actions.

  The same issue exists when deleting volumes from:

    http://os-ctrl/horizon/project/volumes/

  
  -- System Information:
  Debian Release: 9.0
    APT prefers testing
    APT policy: (500, 'testing')
  Architecture: amd64
   (x86_64)

  Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
  Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
  Shell: /bin/sh linked to /bin/dash
  Init: systemd (via /run/systemd/system)

  Versions of packages openstack-dashboard depends on:
  ii  adduser                3.115
  ii  libjs-jquery           3.1.1-2
  ii  libjs-jquery-cookie    11-3
  ii  python-django-horizon  3:10.0.1-1
  pn  python:any             <none>

  openstack-dashboard recommends no packages.

  Versions of packages openstack-dashboard suggests:
  ii  memcached                   1.4.33-1
  ii  openstack-dashboard-apache  3:10.0.1-1

  -- no debconf information

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1690387/+subscriptions


References