MMacD
Explorer
- Joined
- Dec 12, 2014
- Messages
- 55
I tried to post this as a bug, but the system hasn't sent me my verification mail, so here I am.
Trying to log in, I got a "CSRF verification failed. Request aborted" message. Thinking it was a referrer-header problem per the message, I fooled around with that awhile without success. Then I wondered whether it could be a bad error message and the real problem is that I won't let it set a cookie (I permit cookies on a per-site basis and it's really remarkable how many sites emit misleading error messages when thwarted).
Sure enough, that's what the problem was: there was nothing wrong with the headers, FNAS just couldn't set a cookie.
Trying to log in, I got a "CSRF verification failed. Request aborted" message. Thinking it was a referrer-header problem per the message, I fooled around with that awhile without success. Then I wondered whether it could be a bad error message and the real problem is that I won't let it set a cookie (I permit cookies on a per-site basis and it's really remarkable how many sites emit misleading error messages when thwarted).
Sure enough, that's what the problem was: there was nothing wrong with the headers, FNAS just couldn't set a cookie.