[Spacewalk-list] Linking to System Upgrade package List Error
Jeremy Davis
jdavis4102 at gmail.com
Thu Sep 15 13:16:47 UTC 2011
Hello Jan,
Thank you for the reply. Is there a patch I could apply to a 1.4 system to resolve this issue?
On Sep 15, 2011, at 6:23 AM, Jan Pazdziora <jpazdziora at redhat.com> wrote:
> On Thu, Sep 15, 2011 at 01:59:30PM +0200, Jan Pazdziora wrote:
>> On Thu, Sep 08, 2011 at 03:55:19PM -0600, Jeremy Davis wrote:
>>> Hello List,
>>>
>>> I am trying to link to the "Upgrade" package list page within Spacewalk for
>>> an individual system using the following link. After it gives the error if
>>> you were to refresh the browser it takes you to the correct link.
>>>
>>> https://<hostname
>>> remove>/rhn/systems/details/packages/UpgradableList.do?sid=1000010166<https://spacewalkdev.intranet.gdg/rhn/systems/details/packages/UpgradableList.do?sid=1000010166>
>>>
>>> When I click this link from another webpage it brings me to the system
>>> overview page and generates the follow error in the tomcat logs.
>>>
>>> 2011-09-08 14:48:55,711 [TP-Processor5] FATAL
>>> com.redhat.rhn.frontend.servlets.AuthFilter - Referrer
>>> (swreporting.intranet.gdg) for url
>>> /systems/details/packages/UpgradableList.do does not match. Redirecting to
>>> /rhn/YourRhn.do.
>>>
>>> Is there anyway to get Spacewalk to allow you to continue to the correct
>>> link without giving this error or redirecting.
>>
>> I wonder if enabling mod_asis on your Spacewalk and then creating
>>
>> /var/www/html/pub/upgradable_packages_for_xxx.asis:
>> Status: 301
>> Location: https://<hostname>/rhn/systems/details/packages/UpgradableList.do?sid=1000010166
>>
>> and linking to
>>
>> https://<hostname>/pub/upgradable_packages_for_xxx
>>
>> would do the trick?
>
> Anyway, I've now removed the referer check from Spacewalk master
> because we now have full CSRF handling to replace it.
>
> --
> Jan Pazdziora
> Principal Software Engineer, Satellite Engineering, Red Hat
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
More information about the Spacewalk-list
mailing list