CSRF checks are not working properly and cause operations to fail
-----------------------------------------------------------------
Key: MRM-1529
URL: https://jira.codehaus.org/browse/MRM-1529
Project: Archiva
Issue Type: Bug
Components: Users/Security
Affects Versions: 1.4-M1
Reporter: Brett Porter
Priority: Blocker
It seems the upgrade of Struts caused a problem with the token check.
I tried to grant the guest user "manager" permission on a repository, and it
always fails a CSRF check, where it does not on 1.3.5.
I also tried to remove a permission from a repository and had the same problem.
I had not visited other Archiva pages in the mean time.
All pages using token may need to be reviewed.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
