Freshrss: Error 403 when a new user registers

Created on 21 Apr 2019 · 11Comments · Source: FreshRSS/FreshRSS

Hello :)

New user can't registers on my FreshRSS instance.
After test, I encounter this error :

Error 403 - Forbidden

You don’t have permission to access this page [CSRF]

But registration module is native with freshrss right ? So I don't forgot update it when I update frashrss ? :sweat_smile:

So I have FreshRSS version 1.14.2 with Swage theme.

Can you help me ? :)

Regards

Critical Security

Source

Dryusdan

Most helpful comment

Ah, indeed, I can reproduce too

Alkarex on 21 Jun 2019

👍2

All 11 comments

I also encountered the same situation. @Alkarex

wangz1yu on 8 Jun 2019

I've made some tests. I can reproduce. I search the code to find where this is triggered. At the moment, I don't know where. It's located deep in Minz because the process does not even enter the called method.
So far I am out of luck!

aledeg on 17 Jun 2019

👍1

@aledeg Could you please tell the sequence to reproduce?

Alkarex on 21 Jun 2019

@Alkarex it's very easy. You increase the number of allowed user to be greater than the current number of user. Then you logout and try to create a new user from the login page. And then 403!

aledeg on 21 Jun 2019

👍1

Ah, right. @Dryusdan and @wangz1yu : do you believe it is the same issue you are facing?
In which case, we should probably just change the UI to e.g. remove the registration field when there are too many users already.

Alkarex on 21 Jun 2019

I'm not remember if I increase number of allowed user.
This value is set to 150 (at the start of my instance there is 100 user allowed). But I have only 41 users registed so... The registeration form does appear.

Capture d’écran du 2019-06-21 09-17-15