Discussion:
Can't connect to bitbucket using lynx
Shérab
2013-11-07 14:28:01 UTC
Hi,

When I try to log in to www.bitbucket.com with lynx I get the following
error message:

Forbidden (403)

CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a 'Referer
header' to be sent by your Web browser, but none was sent. This header
is required for security reasons, to ensure that your browser is not
being hijacked by third parties.

If you have configured your browser to disable 'Referer' headers, please
re-enable them, at least for this site, or for HTTPS connections, or for
'same-origin' requests.
More information is available with DEBUG=True.

I don't think I disabled anything in lynx...

Thanks,
Shérab.
Karen Lewellen
2013-11-07 16:29:31 UTC
Others may be helping, still when I followed the url you posted I was
redirected to the same domain, but as .org not .com
went right through to the site's main page...which of course does not mean it
will for you. Lynx has no issues in and of itself though.
Karen

Post by Shérab
Hi,
When I try to log in to www.bitbucket.com with lynx I get the following
Forbidden (403)
CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a 'Referer
header' to be sent by your Web browser, but none was sent. This header
is required for security reasons, to ensure that your browser is not
being hijacked by third parties.
If you have configured your browser to disable 'Referer' headers, please
re-enable them, at least for this site, or for HTTPS connections, or for
'same-origin' requests.
More information is available with DEBUG=True.
I don't think I disabled anything in lynx...
Thanks,
Shérab.
_______________________________________________
Lynx-dev mailing list
https://lists.nongnu.org/mailman/listinfo/lynx-dev
Tim Chase
2013-11-07 14:40:03 UTC
Post by Shérab
CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a
'Referer header' to be sent by your Web browser, but none was sent.

You might need to check your lynx.cfg file for various REFERER*
settings. In particular, you want to make sure that you don't have

REFERER_WITH_QUERY:DROP

but rather either

REFERER_WITH_QUERY:PARTIAL

or the less-secure

REFERER_WITH_QUERY:SEND

Using "PARTIAL" strips off the query-string, but still sends the base
request, while "SEND" sends the whole URL you were at (even if it
contains secure information like a session-key token or
username/password).

It might be that Bitbucket flat-out doesn't work with Lynx (as it
might require JavaScript), but given the error message you received,
the Referer changes would be my first guess.

-tim
David Woolley
2013-11-07 21:50:01 UTC
Post by Tim Chase
Post by Shérab
CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a
'Referer header' to be sent by your Web browser, but none was sent.

The normal reason for requiring REFER is actually as an anti-deep
linking measure, to make sure that you accessed the resource from their
page which probably carries the advertising that pays for their site.
It also helps stop simple automata.

Post by Tim Chase
You might need to check your lynx.cfg file for various REFERER*
settings. In particular, you want to make sure that you don't have
REFERER_WITH_QUERY:DROP
but rather either

The reason people might want to use this is to make click trailing
difficult, particularly cross-site click trailing.

Post by Tim Chase
REFERER_WITH_QUERY:PARTIAL
or the less-secure

The common reason for this is to prevent search engine keywords being
recovered.
Tim Chase
2013-11-07 22:00:44 UTC
Post by David Woolley
Post by Shérab
CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a
'Referer header' to be sent by your Web browser, but none was sent.
The normal reason for requiring REFER is actually as an anti-deep
linking measure, to make sure that you accessed the resource from
their page which probably carries the advertising that pays for
their site. It also helps stop simple automata.

Apparently Bitbucket is using the REFERER as part of their CSRF
protection, at least that's what their error/diagnostic message is
saying.

If it's saying that lynx isn't sending a REFERER, it's pretty likely
that lynx is configured to not send the REFERER.

Now whether you want that privacy or not (I tend to prefer that my
browsers don't broadcast my REFERER), certain sites require it for
their operation or tell you to jump in a lake if you don't.
Apparently, Bitbucket is among them.

-tim
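
Added example, not part of the thread and not Lynx or Bitbucket code: a small Python model of how the three REFERER_WITH_QUERY values discussed above interact with a strict same-origin Referer check on an HTTPS form post. The host `code.example`, the URLs, the function names and the check itself are assumptions made for illustration; the model also assumes the setting only matters when the previous URL carries a query string.

```python
from urllib.parse import urlsplit, urlunsplit

def referer_to_send(previous_url, referer_with_query):
    """Model the three REFERER_WITH_QUERY values named in the thread.
    Returns the Referer value, or None when no header would be sent.
    Assumption: the setting only matters when the previous URL has a query."""
    parts = urlsplit(previous_url)
    if not parts.query or referer_with_query == "SEND":
        return previous_url                      # full URL, query included
    if referer_with_query == "PARTIAL":
        return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    if referer_with_query == "DROP":
        return None                              # header omitted entirely
    raise ValueError("unknown REFERER_WITH_QUERY value: " + referer_with_query)

def origin(url):
    """(scheme, host, port) triple used for the same-origin comparison."""
    p = urlsplit(url)
    default = {"https": 443, "http": 80}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), p.port or default)

def strict_referer_check(request_url, referer):
    """Hypothetical server-side check; returns (status, reason) for a POST."""
    if urlsplit(request_url).scheme != "https":
        return 200, "plain HTTP request, Referer not checked here"
    if not referer:
        return 403, "no Referer header was sent"
    if origin(referer) != origin(request_url):
        return 403, "Referer is not same-origin"
    return 200, "Referer accepted"

# Constructed sample URLs (not taken from the thread).
LOGIN_PAGE = "https://code.example/account/signin/?next=/dashboard"
LOGIN_POST = "https://code.example/account/signin/"

def login_attempt(setting, previous_url=LOGIN_PAGE):
    """Submit the login form from previous_url under one lynx.cfg setting."""
    referer = referer_to_send(previous_url, setting)
    status, reason = strict_referer_check(LOGIN_POST, referer)
    return referer, status, reason

if __name__ == "__main__":
    for setting in ("DROP", "PARTIAL", "SEND"):
        print(setting, login_attempt(setting))
```

In this model only DROP produces the 403, PARTIAL passes the check without exposing the `next=` parameter, and SEND passes while sending the full query string.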
