----- Original Message -----
> Hello list,
> I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I encounter
> an issue when updating user roles.
> 1/ I create a new user
> 2/ I want to give him "Organisation admin" role
> 3/ When I click Update, I get an error page saying:
> HTTP Status 403 - Validation of CSRF security token failed
>
> type Status report
>
> message Validation of CSRF security token failed
>
> description Access to the specified resource (Validation of CSRF security
> token failed) has been forbidden.
>
> 4/ I click back in my browser, add Org admin role again, click update, it
> works...
>
> Using spacecmd, it works.
>
> I can't find a single error log in /var/log...
>
> Does anyone encounter the same issue?
CSRF-token is there to help prevent XSS attacks; it's a token generated per-page-refresh, and validated early in the HTTP process. I've only seen CSRF_val fail when my session had timed out or was otherwise invalid. spacecmd will never throw this, since it's a web-ui-only construct.

I haven't been able to reproduce under Chrome against my 2.3 box. What browser are you using?

G
--
Grant Gainey
Principal Software Engineer, Red Hat Satellite

_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
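
A minimal model of the failure mode described in the reply above (the token is rejected with a 403 once the session is no longer valid, and accepted again after the page is reloaded), added here as an example; it is not part of the thread and not Spacewalk's code. The `WebUI` class, its method names and the timeout value are assumptions made for illustration, and authentication is left out.

```python
import hashlib
import hmac
import secrets

SESSION_TTL = 1800  # seconds; constructed value, not a Spacewalk setting


class WebUI:
    """Hypothetical server: one secret per session, CSRF token derived from it."""

    def __init__(self):
        self.sessions = {}  # session id -> (secret, expiry time)

    def new_session(self, now):
        sid = secrets.token_hex(16)
        self.sessions[sid] = (secrets.token_bytes(32), now + SESSION_TTL)
        return sid

    def _token(self, sid):
        secret, _ = self.sessions[sid]
        return hmac.new(secret, sid.encode(), hashlib.sha256).hexdigest()

    def render_form(self, sid, now):
        """GET: start a new session if the old one is gone, embed its token."""
        entry = self.sessions.get(sid)
        if entry is None or entry[1] <= now:
            sid = self.new_session(now)
        return sid, self._token(sid)

    def submit_form(self, sid, token, now):
        """POST: validate the token before any request handler runs."""
        entry = self.sessions.get(sid)
        if entry is None or entry[1] <= now:
            self.sessions.pop(sid, None)  # timed out: nothing to validate against
            return 403
        if not hmac.compare_digest(self._token(sid), token):
            return 403
        return 200


def demo():
    ui = WebUI()
    sid = ui.new_session(now=0)
    sid, tok = ui.render_form(sid, now=10)
    fresh = ui.submit_form(sid, tok, now=20)                 # valid session
    stale = ui.submit_form(sid, tok, now=SESSION_TTL + 1)    # session timed out
    sid2, tok2 = ui.render_form(sid, now=SESSION_TTL + 2)    # page reloaded
    retry = ui.submit_form(sid2, tok2, now=SESSION_TTL + 3)  # new token accepted
    cross = ui.submit_form(sid2, tok, now=SESSION_TTL + 4)   # old token, new session
    return fresh, stale, retry, cross
```
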
