Topic: localbitcoins.com - csrf error (Read 1949 times)

legendary
Activity: 4592
Merit: 1276
August 14, 2013, 03:35:02 AM
#3
Hey Kris, thanks for the info.

I doubt that I will find counter-parties interested in the volumes I want on localbitcoins anyway so I probably won't even diagnose things further.

Chromium is a more limited browser than Chrome and leaves out some non-open-source stuff compiled into Chrome (which is some of the reason I'm more comfortable using it for more sensitive work, in fact). This could be at the root of the issue I'm seeing, or it could be some session defect. Or it could be a genuine MITM type thing I suppose. Who knows. I'll just log it away as a point of interest.

donator
Activity: 640
Merit: 500
August 13, 2013, 08:42:15 PM
#2
I am thinking it may be session related. If the CSRF set client side does not match up with the CSRF server side, it would not allow you to complete the request.
However, what might have caused this problem I would not know; I can only speculate.

1. No JavaScript enabled in your browser.
2. Browser not able to set cookies/session.
3. A delay in connection, so the CSRF manages to time out.
4. All of the above, or anything in between.
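
Added example, not part of the original posts and not the site's own code: a simplified double-submit cookie check showing how a missing cookie, a mismatched token, or an expired token each end in a rejected request. `SERVER_KEY`, `MAX_AGE`, `issue_token` and `verify` are hypothetical names, and the token format and timestamps are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process signing key (assumption)
MAX_AGE = 3600                        # hypothetical token lifetime in seconds


def _mac(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None) -> str:
    """Token the server sets as a cookie and also embeds in the form."""
    ts = int(time.time() if now is None else now)
    payload = f"{ts}.{secrets.token_hex(16)}"
    return f"{payload}.{_mac(payload)}"


def verify(cookie_token, form_token, now=None):
    """Return (ok, reason) for a state-changing request such as a signup POST."""
    if not cookie_token:
        return False, "CSRF cookie not set"        # browser refused or dropped the cookie
    if not form_token:
        return False, "CSRF token missing"         # field not submitted with the form
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return False, "CSRF token mismatch"        # stale page or a different session
    payload, _, mac = cookie_token.rpartition(".")
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        return False, "CSRF token not issued by this server"
    issued = int(payload.split(".")[0])            # safe: the MAC covers the timestamp
    current = time.time() if now is None else now
    if current - issued > MAX_AGE:
        return False, "CSRF token expired"         # slow link or long-idle form
    return True, "ok"


if __name__ == "__main__":
    t = issue_token(now=1000)                      # constructed sample timestamps
    for cookie, form, when in [(t, t, 1500), (None, t, 1500),
                               (t, issue_token(now=1000), 1500), (t, t, 5000)]:
        print(verify(cookie, form, now=when))
```

Logging the reason string server-side, while returning only a generic 403 to the client, is what lets an operator tell a cookie-handling problem apart from a tampered request.
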
legendary
Activity: 4592
Merit: 1276
August 13, 2013, 05:41:55 PM
#1

I thought I'd get an account with 'localbitcoins.com' even though transactions of the size I'm interested in don't seem that common.  Upon trying to set up an account, I get the following error:

  ---
  Forbidden (403)
  CSRF verification failed. Request aborted.
  More information is available with DEBUG=True.
  ---

In a search of bitcointalk.org, I only see one reference in the newbies section from someone else noticing the phenomenon, and no response.

Before I research the potential issues (if I even bother), I just wondered if others might have noticed the same behavior.

I am running on one of my more secure machines: FreeBSD with Chromium built from source, Version 25.0.1364.97 (183676). I am also on a satellite connection. I am not interested in setting security ignore overrides unless and until I understand fairly completely why such behavior occurs, and this is particularly true of security certificate related issues in Bitcoin-land.
