Conversation
Notices
-
On my instance: "Error setting user. Missing authorization header data. Please logout and login " http://u.daggsy.com/Hc
Logging out and in doesn't do anything. This is likely due to recent !qvitter changes.-
@takeappleakenji The CSRF thing probably, but I this is the first I've heard of that problem. /cc @hannes2peer
-
@maiyannah @hannes2peer Yeah, it's definitely the CSRF thing. QvitterPlugin.php:1309 is in the if(!isset($_SERVER['HTTP_X_QVITTER_CSRF']) block here: http://u.daggsy.com/Hd
-
@takekiwiakenji @hannes2peer While it probably isn't the problem superglobals are considered a bad practice.
-
@maiyannah @takepapayaakenji @hannes2peer Me and some SPC users had a problem where we would get logged out after closing the browser. Seems like this may be it.
-
@archaeme @hannes2peer @maiyannah I restarted php-fpm and the queue daemons in the normal order (including checkschema), then logged out and in. Still no dice.
-
@takebatcaveakenji @maiyannah @hannes2peer I'm pretty confident it's the CSRF patch that caused it. Didn't occur before the update.
-
@archaeme @hannes2peer @takemangoakenji Thought occurs to me that in certain php setups the plugin might not be able to add the http header it's looking for.
-
@archaeme @hannes2peer @maiyannah Cool.
By the way, I don't see where HTTP_X_QVITTER_CSRF is set. https://hastebin.com/raw/araxicosus -
@takepapayaakenji @hannes2peer @archaeme Im not very familiar with Hannes' patch beyond helping fix an image upload problem it's why I CC'd him, he'd know better than I.
-
@maiyannah @takecherryakenji @archaeme you can probably safely downgrade to before that fix. it was an issue with older versions of gs.
-
@maiyannah @takePotato Knishesakenji @archaeme i might have to rethink that fix altogether
-
