Hello, Thanks for you help, I've corrected the issue. In fact, the security team force to replace the Include conf.d/* in the httpd.conf file by the exact list of file to import. I was missing momentjs.conf include. No issue on spacewalk side so.
Pierre 2015-05-07 9:00 GMT+02:00 Tomas Lestach <[email protected]>: > Make sure, you do not load the user page in one tab, > then do some other action in another tab > and then submit the user permission change on the original tab. > This is the way, how you get the CSRF exception for sure. > > (I was also not able to reproduce described behavior.) > > Regards, > -- > Tomas Lestach > Red Hat Satellite Engineering, Red Hat > > > ----- Original Message ----- > > From: "Pierre Casenove" <[email protected]> > > To: [email protected] > > Sent: Wednesday, May 6, 2015 8:23:18 PM > > Subject: Re: [Spacewalk-list] SP 2.3: Update user details issue > > > > > > > > Hello, > > I've tried with IE 10 and Chrome, with the same result. > > I've also checked that the same issue appeared when using the > > satellite administrator account. > > I'll keep searching, but as i don't have any log, it is not easy. > > > > > > Pierre > > > > > > 2015-05-06 17:50 GMT+02:00 Grant Gainey < [email protected] > : > > > > > > > > > > ----- Original Message ----- > > > Hello list, > > > I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I > > > encounter > > > an issue when updating user roles. > > > 1/ I create a new user > > > 2/ I want to give him "Organisation admin" role > > > 3/ When I click Update, I get an error page saying: > > > HTTP Status 403 - Validation of CSRF security token failed > > > > > > type Status report > > > > > > message Validation of CSRF security token failed > > > > > > description Access to the specified resource (Validation of CSRF > > > security > > > token failed) has been forbidden. > > > > > > 4/ I click back in my browser, add Org admin role again, click > > > update, it > > > works... > > > > > > Using spacecmd, it works. > > > > > > I can't find a single error log in /var/log... > > > > > > Does anyone encounters the same issue? > > > > CSRF-token is there to help prevent XSS attacks; it's a token > > generated per-page-refresh, and validated early in the HTTP process. > > I've only seen CSRF_val fail when my session had timed out or was > > otherwise invalid. > > > > spacecmd will never throw this, since it's a web-ui-only construct. > > > > I haven't been able to reproduce under Chrome against my 2.3 box. > > What browser are you using? > > > > G > > -- > > Grant Gainey > > Principal Software Engineer, Red Hat Satellite > > > > _______________________________________________ > > Spacewalk-list mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/spacewalk-list > > > > > > _______________________________________________ > > Spacewalk-list mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/spacewalk-list > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list >
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
