[Spacewalk-list] Linking to System Upgrade package List Error
Jan Pazdziora
jpazdziora at redhat.com
Thu Sep 15 12:23:33 UTC 2011
On Thu, Sep 15, 2011 at 01:59:30PM +0200, Jan Pazdziora wrote:
> On Thu, Sep 08, 2011 at 03:55:19PM -0600, Jeremy Davis wrote:
> > Hello List,
> >
> > I am trying to link to the "Upgrade" package list page within Spacewalk for
> > an individual system using the following link. After it gives the error if
> > you were to refresh the browser it takes you to the correct link.
> >
> > https://<hostname
> > remove>/rhn/systems/details/packages/UpgradableList.do?sid=1000010166<https://spacewalkdev.intranet.gdg/rhn/systems/details/packages/UpgradableList.do?sid=1000010166>
> >
> > When I click this link from another webpage it brings me to the system
> > overview page and generates the follow error in the tomcat logs.
> >
> > 2011-09-08 14:48:55,711 [TP-Processor5] FATAL
> > com.redhat.rhn.frontend.servlets.AuthFilter - Referrer
> > (swreporting.intranet.gdg) for url
> > /systems/details/packages/UpgradableList.do does not match. Redirecting to
> > /rhn/YourRhn.do.
> >
> > Is there anyway to get Spacewalk to allow you to continue to the correct
> > link without giving this error or redirecting.
>
> I wonder if enabling mod_asis on your Spacewalk and then creating
>
> /var/www/html/pub/upgradable_packages_for_xxx.asis:
> Status: 301
> Location: https://<hostname>/rhn/systems/details/packages/UpgradableList.do?sid=1000010166
>
> and linking to
>
> https://<hostname>/pub/upgradable_packages_for_xxx
>
> would do the trick?
Anyway, I've now removed the referer check from Spacewalk master
because we now have full CSRF handling to replace it.
--
Jan Pazdziora
Principal Software Engineer, Satellite Engineering, Red Hat
More information about the Spacewalk-list
mailing list