[Bug 1447445] [NEW] Web subscribe can fail in cases of load balancers or other devices.
mark at msapiro.net
Thu Apr 23 06:39:32 CEST 2015
Public bug reported:
The fix for (LP: #1082746) implemented a SUBSCRIBE_FORM_SECRET feature.
If this is enabled by a site, the subscribe form on the listinfo page
contains a hidden input field which includes a hash of various data
including the IP address that the GET of the listinfo came from. Upon
submission of the form, this hash is recomputed using the IP address
that the POST of the form came from, and if the hashes don't match, the
This can cause legitimate subscribes to fail if the user is connected
via a load balancer or other device which submits http(s) requests using
a possibly different IP for each request.
** Affects: mailman
Assignee: Mark Sapiro (msapiro)
Status: In Progress
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
Web subscribe can fail in cases of load balancers or other devices.
To manage notifications about this bug go to:
More information about the Mailman-coders