Issue with VSP

Royal Astronomical Society of New Zealand, Variable Star Section (RASNZ-VSS)
Thu, 08/06/2015 - 08:10

Hi Will
I was using the new VSP fine. But this morning when I went to downoad a chart, I got the message shown below. I haven't changed anything on my Mac. I haven't turned off cookies and I even checked to see it's still turned on. The funny thing is that it was working and now it's not.
Does anyone else have this problem?
Stephen [HSP]

Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.

Royal Astronomical Society of New Zealand, Variable Star Section (RASNZ-VSS)
It works with Chrome but not

It works with Chrome but not with Safari (my regular browser) nor with Firefox.
Stephen [HSP]

American Association of Variable Star Observers (AAVSO)
same behavior on Windows


I can also reproduce this on Windows: with Firefox 39.0 I get the 403 code, also with IE 10.

With Chrome (Version 44.0.2403.125 m) everything works fine. Same for Opera.

Something to be noted: the web APIs don't seem to be affected by this (tested them on IE10, Chrome and Opera); this one seems to be related strictly to the VSP form and some browsers.




American Association of Variable Star Observers (AAVSO)
Me too. The phrase "if it

Me too. The phrase "if it ain't broke, don't fix it" springs to mind!

American Association of Variable Star Observers (AAVSO)
This is a difficult one; this

This is a difficult one; this issue isn't affecting everybody and I'm not sure what exactly is causing some people to see it.

Try clearing your browser cache (instructions here: and let me know if that fixes it for you. 

Royal Astronomical Society of New Zealand, Variable Star Section (RASNZ-VSS)

Thanks, Will. I have cleared the cache in both Safari and Firefox and still I get the above error message.

Is there anyone out there who can download maps in Safari or Firefox on a Mac?
Chrome and Opera both work.
Stephen [HSP]

American Association of Variable Star Observers (AAVSO)
Figured it out - http vs. https


I think I figured it out: each time I got this error, it was due to accessing VSP as

When accessing the form from, everything went fine.


The cause is that the VSP form targets ....type=chart, and on some browsers, changing either the protocol (http vs. https) or the host part of the URL will be flagged as a cross site forgery attack. Other browsers will flag a potential attack onlyif the host or port part of the URL changes. In our particular case, Firefox and Safary interpreted that a form accessed via http should not target a page using https.


Bottom line, when everything in the site will use the same protocol (https I think), then everything will work just fine. Until then, I think it's safe to just update our bookmarks to use https.



--- edited ---

Corrected typo (, not - thanks Stephen)

Royal Astronomical Society of New Zealand, Variable Star Section (RASNZ-VSS)
VSP in general

Thank you, Herr_Allen.
It now works.
One small typo, I believe -- rather than
Now I am happy as I use VSP a lot.
Kindest regards
Stephen [HSP]

Svensk Amator Astronomisk Förening, variabelsektionen (Sweden) (SAAF)
Alexandru's idea also works

Alexandru's idea also works for me. https:// is OK, http:// is not OK using Firefox 38.0.5 on Mac OS X 10.10.3



American Association of Variable Star Observers (AAVSO)
Thanks for getting to the

Thanks for getting to the bottom of this, Alex! Fortunately we'll be moving to only using https: urls in the near future; at that point all http: urls will redirect to https so people won't run into this problem anymore.