Found a template in fas that is not adding the csrf token properly. The Add User button on: https://admin.fedoraproject.org/accounts/group/view/
This is just an annoyance (one particular link leading people to the
CSRF login page instead of directly to the action they requested) but
the fix is easy and non-intrusive.
Patch is:
@@ -77,7 +77,8 @@
<py:if test="can_sponsor">
<dt>${_('Add User:')}</dt>
<dd>
- <form action="${tg.url('/group/application_screen/%s' %
group.name)}">
+ <form action="${tg.url('/group/application_screen/%s' %
group.name)}"
+ method="post">
<input type='text' size='15' name='targetname'/>
<input type="submit" value="${('Add')}" />
-Toshio
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Fedora-infrastructure-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
