Skip to content

Csrf token is not always set on beta.thalia.nu

One-sentence description

The CSRF token for the beta site is not always set, resulting in a 403 for requests that require a CSRF token.

Current behaviour

The CSRF token is not set on every page, possibly only on the login page.

Expected behaviour

The CSRF token is set on every page.

Steps to reproduce

  1. Clear cookies for thalia.nu or start an incognito browser session.
  2. Visit beta.thalia.nu
  3. Click the flag in the top right to change the language.

This will result in a 403.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information