Make sure, you do not load the user page in one tab, then do some other action in another tab and then submit the user permission change on the original tab. This is the way, how you get the CSRF exception for sure.
(I was also not able to reproduce described behavior.) Regards, -- Tomas Lestach Red Hat Satellite Engineering, Red Hat ----- Original Message ----- > From: "Pierre Casenove" <[email protected]> > To: [email protected] > Sent: Wednesday, May 6, 2015 8:23:18 PM > Subject: Re: [Spacewalk-list] SP 2.3: Update user details issue > > > > Hello, > I've tried with IE 10 and Chrome, with the same result. > I've also checked that the same issue appeared when using the > satellite administrator account. > I'll keep searching, but as i don't have any log, it is not easy. > > > Pierre > > > 2015-05-06 17:50 GMT+02:00 Grant Gainey < [email protected] > : > > > > > ----- Original Message ----- > > Hello list, > > I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I > > encounter > > an issue when updating user roles. > > 1/ I create a new user > > 2/ I want to give him "Organisation admin" role > > 3/ When I click Update, I get an error page saying: > > HTTP Status 403 - Validation of CSRF security token failed > > > > type Status report > > > > message Validation of CSRF security token failed > > > > description Access to the specified resource (Validation of CSRF > > security > > token failed) has been forbidden. > > > > 4/ I click back in my browser, add Org admin role again, click > > update, it > > works... > > > > Using spacecmd, it works. > > > > I can't find a single error log in /var/log... > > > > Does anyone encounters the same issue? > > CSRF-token is there to help prevent XSS attacks; it's a token > generated per-page-refresh, and validated early in the HTTP process. > I've only seen CSRF_val fail when my session had timed out or was > otherwise invalid. > > spacecmd will never throw this, since it's a web-ui-only construct. > > I haven't been able to reproduce under Chrome against my 2.3 box. > What browser are you using? > > G > -- > Grant Gainey > Principal Software Engineer, Red Hat Satellite > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
