# New Ticket Created by  Aaron Sherman 
# Please include the string:  [perl #128494]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=128494 >


Reproduce: Google "bugs report perl6" and follow first result to visit
http://rakudo.org/tickets/ and click "List of all new and open tickets"

Expected behavior: Display list of open tickets.

Observed result:

RT has detected a possible cross-site request forgery for this request,
because the Referrer header supplied by your browser (rakudo.org:80) is not
allowed by RT's configured hostname (rt.perl.org:443) or whitelisted hosts (
www.bitcard.org:443, www.bestpractical.com:443). A malicious attacker may
be trying to modify or access a search on your behalf. If you did not
initiate this request, then you should alert your security team.


Workaround: Click provided "if you really intended..." link which includes
a CSRF token.

Solution: Add rakudo.org to the whitelist. (perhaps along with all other
Perl6-relevant sites? probably the docs site at least!)


--
Aaron Sherman, M.:
P: 617-440-4332 Google Talk, Email and Google Plus: a...@ajs.com
Toolsmith, developer, gamer and life-long student.
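
The Referrer check that the quoted RT message describes can be modelled as below. This is an added example, not part of the original ticket and not RT's own code: the function names, the session-token parameter and the handling of a missing Referrer are assumptions of this sketch, while the host values are taken from the quoted message.

```python
import hmac
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Values quoted in the error message above.
OWN_HOST = "rt.perl.org:443"
WHITELIST = ["www.bitcard.org:443", "www.bestpractical.com:443"]


def origin_of(referer):
    """Return 'host:port' for a Referer URL, or None if absent or unparseable."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port or host
        return None
    if not parts.hostname or port is None:
        return None
    return f"{parts.hostname}:{port}"  # hostname is already lower-cased


def check_request(referer, own_host, whitelist, token=None, session_token=None):
    """Return 'allow' or 'interstitial' for a request (hypothetical helper).

    The request passes if its Referer origin is the server's own host or a
    whitelisted host. Otherwise it passes only with the per-session CSRF
    token, which is what the "if you really intended..." link carries.
    Assumption of this sketch: a missing Referer is treated as a mismatch.
    """
    allowed = {own_host.lower()} | {h.lower() for h in whitelist}
    if origin_of(referer) in allowed:
        return "allow"
    if token and session_token and hmac.compare_digest(token, session_token):
        return "allow"
    return "interstitial"


if __name__ == "__main__":
    ref = "http://rakudo.org/tickets/"
    print(origin_of(ref), check_request(ref, OWN_HOST, WHITELIST))
    print(check_request(ref, OWN_HOST, WHITELIST + ["rakudo.org:80"]))
```

Entries are matched as host:port, so a whitelist entry for rakudo.org:80 does not cover the same page reached over https.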
