[Spacewalk-list] SP 2.3: Update user details issue

Grant Gainey ggainey at redhat.com
Wed May 6 15:50:53 UTC 2015


----- Original Message -----
> Hello list,
> I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I encounter
> an issue when updating user roles.
> 1/ I create a new user
> 2/ I want to give him "Organisation admin" role
> 3/ When I click Update, I get an error page saying:
> HTTP Status 403 - Validation of CSRF security token failed
> 
> type Status report
> 
> message Validation of CSRF security token failed
> 
> description Access to the specified resource (Validation of CSRF security
> token failed) has been forbidden.
> 
> 4/ I click back in my browser, add Org admin role again, click update, it
> works...
> 
> Using spacecmd, it works.
> 
> I can't find a single error log in /var/log...
> 
> Does anyone encounter the same issue?

CSRF-token is there to help prevent XSS attacks; it's a token generated per-page-refresh, and validated early in the HTTP process. I've only seen CSRF_val fail when my session had timed out or was otherwise invalid.

spacecmd will never throw this, since it's a web-ui-only construct.

I haven't been able to reproduce under Chrome against my 2.3 box. What browser are you using?

G
-- 
Grant Gainey
Principal Software Engineer, Red Hat Satellite
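
Added example, not part of the original message and not Spacewalk's code: a minimal Python model of a CSRF token that is issued per rendered page, bound to the server-side session, and checked before any form processing. It shows why a form submitted after the session has timed out gets a 403 while a freshly rendered form succeeds. The names `SessionStore`, `SESSION_TTL` and `replay_thread_scenario`, the 30-minute timeout and the timeline are assumptions made for illustration.

```python
import hmac, secrets, time

SESSION_TTL = 1800  # seconds; assumed idle timeout for this sketch

class SessionStore:
    """Server-side sessions, each holding the CSRF token of the last rendered page."""
    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}  # session id -> {"expires": float, "csrf": str or None}

    def login(self):
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {"expires": self._now() + SESSION_TTL, "csrf": None}
        return sid

    def _live(self, sid):
        s = self._sessions.get(sid)
        if s is None or s["expires"] <= self._now():
            self._sessions.pop(sid, None)  # unknown or timed-out session
            return None
        return s

    def render_form(self, sid):
        """Issue a fresh token each time a page with a form is rendered."""
        s = self._live(sid)
        if s is None:
            return None
        s["csrf"] = secrets.token_urlsafe(32)
        return s["csrf"]

    def handle_post(self, sid, submitted_token):
        """Validate the token before the form is processed; return an HTTP status."""
        s = self._live(sid)
        expected = s["csrf"] if s else None
        if not expected or not submitted_token or not hmac.compare_digest(
                expected.encode(), submitted_token.encode()):
            return 403  # "Validation of CSRF security token failed"
        s["expires"] = self._now() + SESSION_TTL
        return 200

def replay_thread_scenario():
    """Constructed timeline: form opened, session times out, POST fails, retry works."""
    clock = [0.0]
    store = SessionStore(now=lambda: clock[0])
    sid = store.login()
    stale = store.render_form(sid)
    clock[0] += SESSION_TTL + 1            # page left open past the timeout
    first = store.handle_post(sid, stale)  # token no longer matches a live session
    sid = store.login()                    # new session on the next page load
    second = store.handle_post(sid, store.render_form(sid))
    return first, second
```

An API client never renders or submits such a form, so a check of this kind is never reached on that path.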



