403 on submitting expense after being scolded for leaving the description blank #17

Closed
asedeno opened this Issue Oct 27, 2011 · 1 comment

Contributor

asedeno commented Oct 27, 2011

If a user attempts to submit an expense without supplying a description, they are told that the description is required.

After adding a description, submitting the expense results in a 403 Forbidden error.

Owner

ebroder commented Oct 27, 2011

I saw this on Emergent Studio's BlueChips install. At the time, I concluded that it was connected to Emergent's Facebook auth setup, but it sounds like I was wrong.

It looks like this is connected to the CSRF authentication nonces that are inserted into most BlueChips forms. When the form is re-presented after failing verification, the nonce appears to be empty:

<form action="/spend/update?id=None" method="post">
  <div style="display: none;"><input id="_authentication_token" name="_authentication_token" type="hidden" value="" /></div>

(No, I don't know why we're wrapping a hidden input field in a display: none div)

@ebroder ebroder closed this in 677f57d Dec 12, 2011

ebroder added a commit that referenced this issue Dec 12, 2011
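
A regression check for the failure described in this thread, as an added example that is not part of the original issue or of BlueChips' own code: it parses a rendered page and reports every POST form whose `_authentication_token` hidden field is missing or empty. The class and function names and the token value in the second sample are constructed; the first sample is the markup quoted in the comment above with closing tags added.

```python
from html.parser import HTMLParser

TOKEN_FIELD = "_authentication_token"  # field name as it appears in the quoted markup


class TokenAudit(HTMLParser):
    """Record the CSRF token value carried by each POST form in a page."""

    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per POST form, in document order
        self._current = None  # the POST form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Only state-changing (POST) forms need a token.
            if (a.get("method") or "get").lower() == "post":
                self._current = {"action": a.get("action"), "token": None}
                self.forms.append(self._current)
            else:
                self._current = None
        elif tag == "input" and self._current is not None:
            if a.get("name") == TOKEN_FIELD:
                self._current["token"] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def forms_missing_token(html):
    """Return the action of every POST form whose token is absent or empty."""
    parser = TokenAudit()
    parser.feed(html)
    parser.close()
    return [f["action"] for f in parser.forms if not (f["token"] or "").strip()]


# Constructed samples: the re-presented form from the issue (closing tags added),
# and the same form with a made-up, non-empty token.
REPRESENTED = (
    '<form action="/spend/update?id=None" method="post">'
    '<div style="display: none;"><input id="_authentication_token" '
    'name="_authentication_token" type="hidden" value="" /></div></form>'
)
HEALTHY = REPRESENTED.replace('value=""', 'value="constructed-token-value"')

if __name__ == "__main__":
    print(forms_missing_token(REPRESENTED))  # form re-rendered after failed validation
    print(forms_missing_token(HEALTHY))
```

Running the check against the page returned after a deliberately invalid submission, not only against the first render, is what exercises the path reported here.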
