Page MenuHomePhabricator
Create Task
Maniphest T4802

Absolute URI/CSRF token error building form for File Info page
Closed, ResolvedPublic
Actions

Description

When trying to view a raw file (http://phabricator.install/file/info/PHID-FILE-uzurwewgs4q4n6guy22q/), I'm getting the following Unhandled Exception:

You are building a <form /> that submits to Phabricator, but has an absolute URI in its 'action' attribute ('http://phabricator.install/file/data/w2lp3bjvxw36jmqbpnii/PHID-FILE-uzurwewgs4q4n6guy22q/prod.sh'). To avoid leaking CSRF tokens, Phabricator does not add CSRF information to forms with absolute URIs. Instead, use a relative URI.

It works for some files (json, js, css - those that view directly) but fails for others (php, sh, twig - those that need to show the info - these are a bit random too, I'd have thought they could view directly)

A bit of digging shows PhabricatorEnv::getCDNURI($path) is returning the absolute URI in getViewURI()

I presume this is a configuration issue on our end since I can't reproduce on secure.phabricator.com, but I can't track down what's changed.
Any ideas?

Revisions and Commits

rP Phabricator
D8776rP04c07a7a7b6d Remove the developer-specific CSRF help in phabricator_form()

Event Timeline

zorfling created this task.Apr 15 2014, 5:06 AM
zorfling assigned this task to epriestley.
zorfling raised the priority of this task from to Needs Triage.
zorfling updated the task description. (Show Details)
zorfling added a project: Files.
zorfling added a subscriber: zorfling.
chihchen.lin added a subscriber: chihchen.lin.Apr 15 2014, 7:26 AM
epriestley edited this Maniphest Task.Apr 15 2014, 4:11 PM
epriestley edited this Maniphest Task.Apr 15 2014, 5:18 PM
epriestley closed this task as Resolved.Apr 15 2014, 5:18 PM

Closed by commit rP04c07a7a7b6d.

Phabricator · Built by Phacility