That makes me wonder: would having two subdomains do it? I have tickets.domain.com and rt.domain.com both going to the same thing, but rt.autodist.com is the actual domain in the configuration files. I wonder if starting from tickets.domain.com would cause this warning, as the browser sees one domain trying to do action on what it thinks is a different one? I'll have people stick to rt.domain.com and see if that makes a difference.
On Tue, Sep 27, 2016 at 8:23 AM, Sean Cwiek <cwi...@mcls.org> wrote: > Hey Alex, > > > > We’ve seen this when users are jumping between the http and https versions > of our RT instance. Advising everyone to login at the https address seemed > to resolve it for us. > > > > Thanks. > > > > -Sean > > > > *From:* rt-users [mailto:rt-users-boun...@lists.bestpractical.com] *On > Behalf Of *Alex Hall > *Sent:* Monday, September 26, 2016 4:07 PM > *To:* rt-users <rt-users@lists.bestpractical.com> > *Subject:* [rt-users] Some users getting CSRF warnings when creating > tickets? > > > > Hi all, > > We're starting to have more people test RT now. Oddly, the two who just > started trying it out get CSRF warnings when they try to make or update > tickets, while no one else does. They are using Chrome, but so is a guy who > is *not* getting the warnings. We're all in the same building, thus on the > same network. Any idea why this might be happening? My Nginx log for RT > doesn't include anything about this, and my RT log is empty. Thanks. > > > -- > > Alex Hall > > Automatic Distributors, IT department > > ah...@autodist.com > -- Alex Hall Automatic Distributors, IT department ah...@autodist.com
--------- RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017