dap1--- via Mailman-users writes:

 > [2025-11-10 15:35:21 +0000] [5297] [DEBUG] GET /mailman3/
 > [2025-11-10 15:35:25 +0000] [5297] [DEBUG] GET /accounts/login/
 > [2025-11-10 15:35:28 +0000] [5295] [DEBUG] POST /accounts/login/

I assume the preceding "POST /accounts/login/" was you entering
username and password?

 > Forbidden (403)
 > 
 > CSRF verification failed. Request aborted.

CSRF (cross-site request forgery) is an attack where an attacker tries
to spoof your authenticated session.  This is prevented by adding a
one-time authentication token to the page to ensure that the login
procedure all comes from the same host, and then the resulting session
cookie is provided only to the authorized user.  See
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html

Somehow your browser or site is doing this incorrectly, and your
attempt to log in is being refused.  One way this can happen is if you
use the "back page" browser button (or otherwise the browser history).
Otherwise I don't know how this can happen offhand.  Maybe Mark knows.

-- 
GNU Mailman consultant (installation, migration, customization)
Sirius Open Source    https://www.siriusopensource.com/
Software systems consulting in Europe, North America, and Japan
_______________________________________________
Mailman-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at: 
https://lists.mailman3.org/archives/list/[email protected]/message/SPA4TFUO4GKXXEHF2FBSYGK3KESPP7TY/
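
The failure mode described in the reply above (a login form reused from browser history) can be reproduced with a small model of a cookie-plus-form-field CSRF check. This is an added example, not code from the original message, Mailman or Django; the field names follow Django's defaults (`csrftoken`, `csrfmiddlewaretoken`), and the masking scheme and token rotation on login are simplified assumptions about how such a check behaves.

```python
import hmac
import secrets

def mask(secret: bytes) -> str:
    """Form token: random pad + (pad XOR secret), so it differs on every render."""
    pad = secrets.token_bytes(len(secret))
    return (pad + bytes(a ^ b for a, b in zip(pad, secret))).hex()

def unmask(token: str) -> bytes:
    raw = bytes.fromhex(token)  # raises ValueError on malformed input
    half = len(raw) // 2
    return bytes(a ^ b for a, b in zip(raw[:half], raw[half:]))

def render_form(cookies: dict) -> dict:
    """GET a page with a form: ensure the cookie exists, embed a masked copy."""
    cookies.setdefault("csrftoken", secrets.token_bytes(16).hex())
    return {"csrfmiddlewaretoken": mask(bytes.fromhex(cookies["csrftoken"]))}

def check_post(cookies: dict, form: dict) -> int:
    """Return the HTTP status a CSRF-protected POST would receive."""
    cookie = cookies.get("csrftoken")
    field = form.get("csrfmiddlewaretoken")
    if not cookie or not field:
        return 403  # cookie blocked or hidden field stripped
    try:
        expected, submitted = bytes.fromhex(cookie), unmask(field)
    except ValueError:
        return 403
    return 200 if hmac.compare_digest(submitted, expected) else 403

def login(cookies: dict, form: dict) -> int:
    status = check_post(cookies, form)
    if status == 200:
        # Assumption: the secret is rotated on successful login.
        cookies["csrftoken"] = secrets.token_bytes(16).hex()
    return status

def scenarios() -> dict:
    jar = {}                                  # constructed browser cookie jar
    page = render_form(jar)                   # GET /accounts/login/
    return {
        "fresh form": login(jar, page),
        "stale form (back button)": login(jar, page),  # predates rotation
        "reloaded form": login(jar, render_form(jar)),
        "cookie not sent": login({}, page),
    }

if __name__ == "__main__":
    for name, status in scenarios().items():
        print(f"{status}  {name}")
```
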
