[REUSE] Bug in the subscribe form of this mailing list
seabass-labrax at gmx.com
Sun Apr 18 17:53:43 UTC 2021
> For of all, thank you for signing up and becoming part of the list,
> albeit the hurdles on your way. Welcome!
Thanks! I'm glad to be subscribed; I'm sure it'll have been worth it! :)
> I have tried to reproduce your error, to no avail. Of course, the form
> uses the POST method and some CSRF protection. There are no complex
> proxy hacks in use as long as you use the following site to sign up:
I used that URL, except with REUSE in lower case (as linked to at the
bottom of the https://reuse.software homepage).
> Could it be that there was a longer timespan between opening the
> sign-up form site (URL above), and actually sending the request? In
> this case, the CSRF protection kicked in because the dynamic code of
> your individual form expires after a certain time (10 minutes IIRC
According to my browser history, my initial visit to the registration
page to the error were less than five minutes apart. I was using
Chromium, specifically the chromium-browser-privacy build from RPM
> Usually, this CSRF code should be regenerated with every page reload,
> so what you did (refreshing the page) should have worked. I honestly
> don't know why this failed, and why signing up to digests worked
I tried to reproduce it with Firefox, using a different email address
and with the non-digest setting. The subscription was successful, but
bizarrely, I could not get to the subscriber settings page! I got
'Connection refused' errors regardless of whether I contacted
lists.fsfe.org with or without TLS, on Firefox, Chromium or even curl.
> If you or anyone continues to experience similar technical issues,
> please let me know (ideally via private mail) and I'll investigate
> more thoroughly. For now, I reckon this was just a silly edge case of
> failed communication between Mailman and your browser.
In conclusion, I agree - you can discount my experiences as a silly edge
case :) We are getting into real xkcd.com/2259 territory here!
Thanks for taking the time to look into this.
More information about the REUSE