Bad CSRF warning

January 15, 2022

On January 8, I noticed a problem when I tried to unsubscribe from a thread. Clicking on the active phrase “click here” to unsubscribe opens a new window where I click the “Unsubscribe” button, which opens a new window which says “BAD CSRF,” instead of “Email preferences updated!”

The above happened probably at least half a dozen times before I looked at Wikipedia to see that CSRF stands for cross-site request forgery, and the information was disconcerting. Initially I thought the problem had resolved itself, but it has not. I don’t know if the problem is with my computer or with the COPA website, but I would like to see a resolution, of course. Thanks.

Best regards,

Steve Miller

Steve,

That is almost always a server issue. CSRF checks are put in place to prevent forgery and other nefarious actions from occurring. Such a warning is actually a good thing showing that the server has implemented CSRF protocols.

Tagging @ErikGun so it gets visibility.

Tim

Steve,

Can you try clicking on the “view topic” button and then change the tracking to something other than watching?

I will send you an email directly, asking you to forward the email to me so I can inspect and send to Discourse support.

January 15, 2022

Erik, yes, I could do what you recommended and change the topic control from watching to muted. That would seem to be a work-around maneuver but likely reasonable to try. After lunch I started going through more COPA emails, and now, of course, I’m not getting any “Bad CSRF” warnings. The Unsubscribe button seems to be working. This problem has indeed been intermittent over the last week. Thanks for your attention.

I just tested this out myself on another site. After clicking the “Unsubscribe” button for a topic, I’m redirected to a page that looks like:

That’s definitely not expected. I’ll let our engineers know about the issue. We’ll get back to you about this soon.

We think we’ve tracked down this issue to a bug in the latest version of Google Chrome (97). This was released on January 4th, and has been slowly rolling out to users since then.

Google should begin rolling out a fix for the bug in the next few days, but in the meantime we’ve applied a workaround which should resolve the problem.

Please do let us know if anyone continues to run into issues.

2 Likes

This topic was automatically closed after 16 days. New replies are no longer allowed.