On Tue, 2015-05-12 at 10:58 +0000, Lichtinger, Bernhard wrote: > Hello, > > > I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I > encounter an issue when updating user roles. > 1/ I create a new user > > 2/ I want to give him "Organisation admin" role > 3/ When I click > Update, I get an error page saying: > HTTP Status 403 - Validation of > CSRF security token failed > > type Status report > > message > Validation of CSRF security token failed > > description Access to the > specified resource (Validation of CSRF security token failed) has been > forbidden. > > I get the same error with IE11 when I press the button „Select All“ > below the system list of anyone of my system groups. > > Apache log entry: "POST /rhn/groups/ListRemoveSystems.do?sgid=37 > HTTP/1.1" 403 1084 > > When I try to select individual hosts via the checkbox in the same > view, I get an popup with „Unexpected error, please reload the page and > check server logs" > > Apache log is: "POST /rhn/dwr/call/plaincall/DWRItemSelector.select.dwr > HTTP/1.1" 200 145 which looks the same as with other browsers. > > Trying to change the prefix in user account details, I get also the > CSRF error and in apache logs: "POST /rhn/account/UserDetailsSubmit.do > HTTP/1.1" 403 1084 > > All other browsers are working fine, only Internet Explorer has > problems.
Running on IE11 11.0.9600.17728 on Win7/64, and haven't been able to reproduce this at all :( What version of Windows are you on? > I don’t know if it matters, I have an ipv4/ipv6 dual-stack network. All > http-requests are done via ipv6, as far as I can see in the apache > logs. It *shouldn't* matter - nobody's doing anything that far down in the networking stack. > Running spacewalk-2.3 on CentOS6 with pgsql-8.4. My spacewalk instance is on F21 and pgsql-9.2 - but again, the DB and OS aren't really involved in the CRSF-validity decision. I'm really puzzled :( G > Regards, Bernhard _______________________________________________ > Spacewalk-list mailing list [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list -- Grant Gainey Principal Software Engineer, Red Hat Satellite _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
