[Spacewalk-list] SP 2.3: Update user details issue

Tomas Lestach tlestach at redhat.com
Thu May 7 07:00:42 UTC 2015


Make sure you do not load the user page in one tab,
then do some other action in another tab
and then submit the user permission change on the original tab.
This is how you get the CSRF exception for sure.

(I was also not able to reproduce the described behavior.)

Regards,
--
Tomas Lestach
Red Hat Satellite Engineering, Red Hat


----- Original Message -----
> From: "Pierre Casenove" <pcasenove at gmail.com>
> To: spacewalk-list at redhat.com
> Sent: Wednesday, May 6, 2015 8:23:18 PM
> Subject: Re: [Spacewalk-list] SP 2.3: Update user details issue
> 
> 
> 
> Hello,
> I've tried with IE 10 and Chrome, with the same result.
> I've also checked that the same issue appeared when using the
> satellite administrator account.
> I'll keep searching, but as I don't have any log, it is not easy.
> 
> 
> Pierre
> 
> 
> 2015-05-06 17:50 GMT+02:00 Grant Gainey < ggainey at redhat.com > :
> 
> 
> 
> 
> ----- Original Message -----
> > Hello list,
> > I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I encounter
> > an issue when updating user roles.
> > 1/ I create a new user
> > 2/ I want to give him "Organisation admin" role
> > 3/ When I click Update, I get an error page saying:
> > HTTP Status 403 - Validation of CSRF security token failed
> > 
> > type Status report
> > 
> > message Validation of CSRF security token failed
> > 
> > description Access to the specified resource (Validation of CSRF security
> > token failed) has been forbidden.
> > 
> > 4/ I click back in my browser, add Org admin role again, click update, it
> > works...
> > 
> > Using spacecmd, it works.
> > 
> > I can't find a single error log in /var/log...
> > 
> > Does anyone encounter the same issue?
> 
> CSRF-token is there to help prevent XSS attacks; it's a token
> generated per-page-refresh, and validated early in the HTTP process.
> I've only seen CSRF_val fail when my session had timed out or was
> otherwise invalid.
> 
> spacecmd will never throw this, since it's a web-ui-only construct.
> 
> I haven't been able to reproduce under Chrome against my 2.3 box.
> What browser are you using?
> 
> G
> --
> Grant Gainey
> Principal Software Engineer, Red Hat Satellite
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
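
The stale-tab failure described in this thread, sketched as an added example (not Spacewalk's code and not part of the original messages). It assumes the server keeps only the most recently issued token per session; `Session`, `render_form`, `submit` and the `keep` parameter are hypothetical names, and `keep=5` shows how accepting a few recent tokens would tolerate a second tab.

```python
import hmac
import secrets


class Session:
    """Constructed model: one server-side session shared by all browser tabs."""

    def __init__(self, keep=1):
        self.keep = keep      # how many recently issued tokens stay valid (assumption)
        self.tokens = []      # newest last

    def render_form(self):
        """Render a page: issue a fresh token and embed it in the form."""
        token = secrets.token_hex(16)
        self.tokens = (self.tokens + [token])[-self.keep:]
        return token

    def submit(self, token):
        """Validate a POST; return the HTTP status the user would see."""
        ok = any(hmac.compare_digest(token, t) for t in self.tokens)
        return 200 if ok else 403


def stale_tab_scenario(keep):
    """Replay the sequence from the thread; return (first submit, retry) statuses."""
    session = Session(keep=keep)
    tab_a = session.render_form()      # tab A: user details page loaded
    session.render_form()              # tab B: any other page in the same session
    first = session.submit(tab_a)      # tab A: click Update with the old token
    tab_a = session.render_form()      # tab A: back/reload gives a fresh form
    retry = session.submit(tab_a)      # tab A: click Update again
    return first, retry


if __name__ == "__main__":
    print("single token per session:", stale_tab_scenario(keep=1))
    print("last 5 tokens accepted:  ", stale_tab_scenario(keep=5))
```
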



