[Spacewalk-list] SP 2.3: Update user details issue

Pierre Casenove pcasenove at gmail.com
Thu May 7 09:02:26 UTC 2015


Hello,
Thanks for your help, I've corrected the issue.
In fact, the security team forces us to replace the Include conf.d/* in the
httpd.conf file with the exact list of files to import.
I was missing the momentjs.conf include.
So no issue on the Spacewalk side.

Pierre

2015-05-07 9:00 GMT+02:00 Tomas Lestach <tlestach at redhat.com>:

> Make sure you do not load the user page in one tab,
> then do some other action in another tab
> and then submit the user permission change on the original tab.
> This is how you get the CSRF exception for sure.
>
> (I was also not able to reproduce described behavior.)
>
> Regards,
> --
> Tomas Lestach
> Red Hat Satellite Engineering, Red Hat
>
>
> ----- Original Message -----
> > From: "Pierre Casenove" <pcasenove at gmail.com>
> > To: spacewalk-list at redhat.com
> > Sent: Wednesday, May 6, 2015 8:23:18 PM
> > Subject: Re: [Spacewalk-list] SP 2.3: Update user details issue
> >
> >
> >
> > Hello,
> > I've tried with IE 10 and Chrome, with the same result.
> > I've also checked that the same issue appeared when using the
> > satellite administrator account.
> > I'll keep searching, but as I don't have any log, it is not easy.
> >
> >
> > Pierre
> >
> >
> > 2015-05-06 17:50 GMT+02:00 Grant Gainey < ggainey at redhat.com > :
> >
> >
> >
> >
> > ----- Original Message -----
> > > Hello list,
> > > I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I
> > > encounter
> > > an issue when updating user roles.
> > > 1/ I create a new user
> > > 2/ I want to give him "Organisation admin" role
> > > 3/ When I click Update, I get an error page saying:
> > > HTTP Status 403 - Validation of CSRF security token failed
> > >
> > > type Status report
> > >
> > > message Validation of CSRF security token failed
> > >
> > > description Access to the specified resource (Validation of CSRF
> > > security
> > > token failed) has been forbidden.
> > >
> > > 4/ I click back in my browser, add Org admin role again, click
> > > update, it
> > > works...
> > >
> > > Using spacecmd, it works.
> > >
> > > I can't find a single error log in /var/log...
> > >
> > > Does anyone encounter the same issue?
> >
> > CSRF-token is there to help prevent XSS attacks; it's a token
> > generated per-page-refresh, and validated early in the HTTP process.
> > I've only seen CSRF_val fail when my session had timed out or was
> > otherwise invalid.
> >
> > spacecmd will never throw this, since it's a web-ui-only construct.
> >
> > I haven't been able to reproduce under Chrome against my 2.3 box.
> > What browser are you using?
> >
> > G
> > --
> > Grant Gainey
> > Principal Software Engineer, Red Hat Satellite
> >
> > _______________________________________________
> > Spacewalk-list mailing list
> > Spacewalk-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/spacewalk-list
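
A check for the failure described in the top message (an explicit Include list in httpd.conf that leaves out a conf.d snippet), as an added example that is not part of the thread or of Spacewalk. It assumes conf.d sits under ServerRoot and that snippets end in `.conf`; the function names and the sample tree (`ssl.conf`, `example-app.conf`) are constructed for illustration, and only `momentjs.conf` comes from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list conf.d snippets that an explicit
# Include list in httpd.conf no longer loads. Relative Include arguments are
# resolved against ServerRoot, as httpd does.

missing_includes() {   # usage: missing_includes <httpd.conf> <ServerRoot>
    mi_conf=$1 mi_root=$2
    # Arguments of Include / IncludeOptional; commented-out lines never match.
    mi_patterns=$(awk 'tolower($1) == "include" || tolower($1) == "includeoptional" {
        gsub(/"/, "", $2); print $2 }' "$mi_conf")
    for mi_file in "$mi_root"/conf.d/*.conf; do
        [ -e "$mi_file" ] || continue
        mi_covered=no
        while IFS= read -r mi_pat; do
            [ -n "$mi_pat" ] || continue
            case $mi_pat in /*) ;; *) mi_pat=$mi_root/$mi_pat ;; esac
            # Unquoted pattern: wildcard Includes such as conf.d/*.conf match.
            case $mi_file in $mi_pat) mi_covered=yes; break ;; esac
        done <<EOF
$mi_patterns
EOF
        [ "$mi_covered" = yes ] || printf '%s\n' "${mi_file#"$mi_root"/}"
    done
}

make_sample_root() {   # constructed sample tree; prints its path
    sr=$(mktemp -d) || return 1
    mkdir -p "$sr/conf" "$sr/conf.d"
    : > "$sr/conf.d/ssl.conf"
    : > "$sr/conf.d/example-app.conf"
    : > "$sr/conf.d/momentjs.conf"
    cat > "$sr/conf/httpd.conf" <<'EOF'
ServerRoot "/etc/httpd"
#Include conf.d/*.conf
Include conf.d/ssl.conf
Include "conf.d/example-app.conf"
EOF
    printf '%s\n' "$sr"
}

demo_root=$(make_sample_root)
missing_includes "$demo_root/conf/httpd.conf" "$demo_root"   # prints conf.d/momentjs.conf
rm -rf "$demo_root"
```

Run against a real server, any file it prints is a snippet that was loaded by the old wildcard and is silently skipped by the explicit list.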