Bitcoin Forum

Economy => Service Discussion => Topic started by: go1111111 on November 11, 2013, 11:27:16 PM



Title: Anyone else seen this cross site scripting warning on Bitstamp?
Post by: go1111111 on November 11, 2013, 11:27:16 PM

I recently saw the following message two times yesterday. Both times I had entered my user ID and password to log into Bitstamp, been prompted to enter my two factor authentication using Google Authenticator, waited for perhaps 30 seconds or more, entered my authentication token, and then seen this message:

"forbidden (403) CSRF verification failed. Request aborted. You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties."

Does anyone else who uses Bitstamp see this occasionally? I'm trying to figure out whether I was the target of a legit XSS attack or whether it's some issue on Bitstamp's side. I asked Bitstamp support, but they weren't helpful and just said to "enable cookies." I don't think they understood that I only get this intermittently.



Title: Re: Anyone else seen this cross site scripting warning on Bitstamp?
Post by: Kris on November 12, 2013, 03:38:36 AM
It's when you are not quick enough to write in the two-factor code, for example; their CSRF token will expire.
I admit I think it a bit harsh to set it to time out this quickly, but hey, whatever works.
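
How a 403 like the one quoted in this thread can arise, as an added example that is not part of any post and not Bitstamp's code: a CSRF check that requires a same-site Referer on HTTPS and a time-limited token returns a different reason for each failure. The host name, key, 30-second lifetime and function names are assumptions made for the sketch.

```python
import hashlib
import hmac
import time
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"  # constructed value, for the demo only
TOKEN_MAX_AGE = 30                # seconds; assumed lifetime, not a real site setting
SITE_HOST = "exchange.example"    # hypothetical host


def _mac(session_id, ts):
    # Bind the token to both the session and its issue time.
    return hmac.new(SECRET, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Return a 'timestamp:mac' token embedded in the login form."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_mac(session_id, ts)}"


def check_post(session_id, token, referer, now=None):
    """Return None if the POST is accepted, otherwise the rejection reason."""
    now = time.time() if now is None else now
    # 1. Strict Referer check: on HTTPS the header must be present and same-site.
    if not referer:
        return "no Referer header"
    parts = urlsplit(referer)
    if parts.scheme != "https" or parts.hostname != SITE_HOST:
        return "bad Referer"
    # 2. Token integrity, compared in constant time.
    ts, sep, mac = token.partition(":")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return "malformed token"
    if not hmac.compare_digest(mac.encode(), _mac(session_id, ts).encode()):
        return "token mismatch"
    # 3. Token age: a slow second-factor entry lands here.
    if now - int(ts) > TOKEN_MAX_AGE:
        return "token expired"
    return None


if __name__ == "__main__":
    tok = issue_token("sess-1", now=1000)
    ref = "https://exchange.example/login/"
    print(check_post("sess-1", tok, ref, now=1010))   # accepted
    print(check_post("sess-1", tok, ref, now=1045))   # waited too long
    print(check_post("sess-1", tok, None, now=1010))  # Referer stripped
```

Logging the returned reason next to each 403 lets support tell a stripped Referer (privacy extension, proxy) apart from an expired form token.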


Title: Re: Anyone else seen this cross site scripting warning on Bitstamp?
Post by: go1111111 on November 12, 2013, 05:40:29 AM
Thanks! That makes sense.


Title: Re: Anyone else seen this cross site scripting warning on Bitstamp?
Post by: realcoin on November 20, 2013, 10:47:13 AM
I also have "CSRF verification failed" after login, but I didn't use "two-factor" authentication.