goffi
21/10/2021, 09:06
This is due to invalid CSRF token when checking tickets from different URLs (https://bugs.goffi.org/bugs/view/400 then https://www.goffi.org/bugs/view/400 for instance, the CSRF is first set for `bugs.goffi.org` then for `www.goffi.org` so there is a mismatch).
The short term fix has been to redirect older https://bugs.goffi.org and other matching URLs to https://www.goffi.org/tickets using the HTTP Server. Long term solution would be to match domain name with CSRF to handle aliases. I'm letting this ticket open as a reminder.