Bug #1970

[labs] The error message when attempting to log in without cookies is unhelpful

lukeshu - over 5 years ago - . Updated over 5 years ago.

Status: fixed
Priority: bug
Assignee:
% Done: 0%


Description

<bill-auger> lukeshu: any idea why i can not log into redmine with iceweasel?
             i may have found another bug
<bill-auger> it gives me 422 Invalid form authenticity token.
<bill-auger> maybe there is something in the server logs that would explain
             the 422 ?
<bill-auger> nm - i figured out the problem i had cookies disabled
<lukeshu> lol
<lukeshu>

    Started POST "/login" for 127.0.0.1 at 2018-08-27 02:17:46 +0100
    Processing by AccountController#login as HTML
      Parameters: {"utf8"=>" ", "authenticity_token"=>"1Kl1jHGxlicpcW5DY5++f+twUv/RQCq2bqJdbJzS3WPTjBEGYKUb5L28Z0trCODpNTTDccl55rUAMFd87bIkZA==", "back_url"=>"https://labs.parabola.nu/issues/1966", "username"=>"bill-auger", "password"=>"[FILTERED]", "login"=>"Login"}
    Can't verify CSRF token authenticity
      Rendered common/error.html.erb within layouts/base (4.1ms)
      Rendered hooks/parabola/_view_layouts_base_html_head.html.erb (0.1ms)
      Rendered hooks/parabola/_view_layouts_base_body_top.html.erb (0.1ms)
    Filter chain halted as :verify_authenticity_token rendered or redirected
    Completed 422 Unprocessable Entity in 49ms (Views: 41.0ms | ActiveRecord: 3.3ms)

<lukeshu> is what I had just found in the logs :)
<bill-auger> yes that's it
<bill-auger> you can see the auth token is sent - so that error message is not
             helpful
<lukeshu> The helpful bit is the "Can't verify CSRF token authenticity" (IDK
          if that showed up in the rendered page), the CSRF check
          cross-references a POST parameter with a cookie value and makes
          sure they are the same.
<bill-auger> no it only shows "422 Invalid form authenticity token." 
<lukeshu> That's no good

History

#1

Updated by bill-auger over 5 years ago

changed error message to

"Invalid form authenticity token. Ensure that your browser has cookies enabled for this domain."

https://git.parabola.nu/server/redmine.git/commit/?h=parabola

#2

Updated by bill-auger over 5 years ago

  • Assignee set to bill-auger

#3

Updated by bill-auger over 5 years ago

  • Status changed from open to fixed
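
Why the token in the log above is rejected even though it was sent, as an added example (not code from Redmine, Rails, or this ticket): a simplified Ruby model of Rails-style masked token verification, in which the form value is checked against a raw token held in the session cookie. The function names, the hash standing in for the session cookie, and the two rejection symbols are assumptions made for illustration.

```ruby
require "securerandom"
require "base64"

TOKEN_LEN = 32 # bytes in the raw token; the masked form value is twice this

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

def secure_equal(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The raw token is kept in the session, which the browser returns as a cookie.
def real_token(session)
  session[:_csrf_token] ||= Base64.strict_encode64(SecureRandom.random_bytes(TOKEN_LEN))
  Base64.strict_decode64(session[:_csrf_token])
end

# Hidden form field: a fresh one-time pad followed by (pad XOR raw token).
def form_token(session)
  pad = SecureRandom.random_bytes(TOKEN_LEN)
  Base64.strict_encode64(pad + xor_bytes(pad, real_token(session)))
end

def token_valid?(session, token)
  raw = Base64.strict_decode64(token.to_s)
  return false unless raw.bytesize == TOKEN_LEN * 2
  secure_equal(xor_bytes(raw[0, TOKEN_LEN], raw[TOKEN_LEN, TOKEN_LEN]), real_token(session))
rescue ArgumentError # not valid base64
  false
end

# GET /login: returns [form token, session the server sends as Set-Cookie].
def get_login(cookie)
  session = cookie ? cookie.dup : {}
  [form_token(session), session]
end

# POST /login: a request without the cookie gets a new, empty session, so the
# posted token is compared against a token it was never derived from.
def post_login(cookie, token)
  session = cookie ? cookie.dup : {}
  cookie_missing = !session.key?(:_csrf_token)
  return :ok if token_valid?(session, token)
  cookie_missing ? :rejected_no_session_cookie : :rejected_token_mismatch
end
```

Telling the two rejection cases apart on the server is what lets the error page say that cookies are the problem instead of reporting only an invalid token.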
