I have three custom pages, call them "d.html", "a.html" and "c.html". "d.html" is the dashboard for the plugin, and from that one to either of the others and back to "d.html". I transition between them using 'window.location = "d.html";' which works fine for all of the transitions, except one. When I'm on d.html and I want to go to a.html with an argument, I do 'window.location = "a.html?upid=123";'. That one works just fine on Chrome and Firefox (on Linux and Mac) and IE9 (On Windows 7), but on IE8 I get the dreaded "Cross site request forgery". Clicking the "click here to resume your request" of course gets me to the page as requested.
In the log, the message is Possible CSRF: your browser did not supply a Referrer header (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1369 Looking at the source code, it appears that the problem is that IsCompCSRFWhitelisted is complaining about the fact that there is an argument. But why isn't IE8 sending a referrer header when the other browsers do? This is RT 4.0.6, running in standalone development mode. -- http://www.linkedin.com/in/paultomblin http://careers.stackoverflow.com/ptomblin
-------- Final RT training for 2012 in Atlanta, GA - October 23 & 24 http://bestpractical.com/training We're hiring! http://bestpractical.com/jobs
