Hi Grant, > > Well, that's a hint, at least. When I can get my hands on Windows again, I'll > see if I can reproduce that way. > >> Is it perhaps possible that there is some javascript which triggers a change >> of the csrf_token after the HTML is sent to the browser? Depending on the >> timing of the browser-engine? > > The rhn:csrf tag is filled in server-side as part of the server preparing the > HTML to be sent to the client, it's not something that gets touched > client-side. > > I can't imagine that IE's dev-tools are magically changing things - but it > sure does feel like that. Ugh.
To be clear: IE produces everytime the error, with or without dev-tools running. Safari on Mac has different behavior with dev-tools running than without. > >> As a side note: Some forms contain the csrf_token twice (with the same value) >> in the POST data, but this is the case with every browser, so I don’t think >> this is a problem at all. > > Yeah, I recall fixing a few JSPs that had the tag in two places - clearly, I > didn't find them all. It's not harmful, just...untidy. > > If you keep poking at this, let me know what you find; I'll do the same. I will do some more poking next week. > > In the meantime, 'turn off dev-tools, or use a browser that doesn't hate all > of us' is my suggested workaround :) It is all about my collegues' „bad habits“ to use a broken browser ;) Regards, Bernhard
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
