v2 music API CSRF prevention blocks modifying and deleting playlists

Bug #1154891 reported by James Tait
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu One Servers | Confirmed | High | Unassigned |

Bug Description

"Although I was able to GET songs in a playlist, when I try to update:

PUT: httpResponseStatus 403 394 ms
     request: url: https://one.ubuntu.com/api/music/v2/playlists/D-318c461bcf1343db937360d02bb17b3f/
      contentType: application/json
      idleTimeout: 30000
       dataFormat: text
             data: {"name":"newName"}
              hdr: [ Authorization ] = OAuth auth_signature_method="PLAINTEXT",oauth_timestamp="1363189583", etc…

CSRF verification failed. Request aborted."

Julien Funk (jaboing)
tags: added: u1-by-dev u1-music-player u1-on-production
Changed in ubuntuone-servers:
status: New → Confirmed
Curtis Hovey (sinzui)
Changed in ubuntuone-servers:
assignee: Registry Administrators (registry) → nobody
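
The report shows a GET succeeding while an OAuth-signed PUT to the same API is rejected by the CSRF check. The sketch below is an added example, not Ubuntu One server code, of one way to scope CSRF enforcement to cookie-authenticated writes. The function names, the `oauth_verified` flag, the `csrftoken` cookie and `X-CSRFToken` header names, and the sample header are assumptions.

```python
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # never subject to CSRF checks


def auth_scheme(headers):
    """Return the lower-cased Authorization scheme, or None if the header is absent."""
    value = headers.get("Authorization", "").strip()
    return value.split(None, 1)[0].lower() if value else None


def csrf_decision(method, headers, cookies, oauth_verified):
    """Return 'exempt', 'pass' or 'reject' for one request.

    oauth_verified (assumption): True only when the auth layer has already
    validated the OAuth signature and will not fall back to a session cookie.
    """
    if method.upper() in SAFE_METHODS:
        return "exempt"  # read-only request, as with the GET in the report
    if oauth_verified and auth_scheme(headers) == "oauth":
        # The credential is explicit in the request; a browser does not
        # attach it automatically, so there is no ambient authority to ride on.
        return "exempt"
    cookie_token = cookies.get("csrftoken", "").encode()
    header_token = headers.get("X-CSRFToken", "").encode()
    if cookie_token and hmac.compare_digest(cookie_token, header_token):
        return "pass"
    return "reject"  # cookie-authenticated write without a matching token


# Constructed sample header; the token value is made up for this example.
OAUTH_HEADERS = {
    "Authorization": 'OAuth oauth_signature_method="PLAINTEXT", oauth_token="constructed"',
    "Content-Type": "application/json",
}

if __name__ == "__main__":
    print(csrf_decision("PUT", OAUTH_HEADERS, {}, oauth_verified=True))
    print(csrf_decision("PUT", {}, {"sessionid": "s"}, oauth_verified=False))
```

The exemption keys on a verified OAuth credential, not on the mere presence of an `Authorization` header, so a request that ends up authenticated by a session cookie still goes through the token check.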