[Spacewalk-list] SP 2.3: Update user details issue

[Lichtinger, Bernhard]

Hello,

> I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I encounter an issue when updating user roles.
> 1/ I create a new user
> 2/ I want to give him "Organisation admin" role
> 3/ When I click Update, I get an error page saying:
> HTTP Status 403 - Validation of CSRF security token failed
> 
> type Status report
> 
> message Validation of CSRF security token failed
> 
> description Access to the specified resource (Validation of CSRF security token failed) has been forbidden.

I get the same error with IE11 when I press the button „Select All“ below the system list of anyone of my system groups.

Apache log entry:
"POST /rhn/groups/ListRemoveSystems.do?sgid=37 HTTP/1.1" 403 1084

When I try to select individual hosts via the checkbox in the same view, I get an popup with „Unexpected error, please reload the page and check server logs"

Apache log is:
"POST /rhn/dwr/call/plaincall/DWRItemSelector.select.dwr HTTP/1.1" 200 145
which looks the same as with other browsers.

Trying to change the prefix in user account details, I get also the CSRF error and in apache logs:
"POST /rhn/account/UserDetailsSubmit.do HTTP/1.1" 403 1084

All other browsers are working fine, only Internet Explorer has problems.

I don’t know if it matters, I have an ipv4/ipv6 dual-stack network. All http-requests are done via ipv6, as far as I can see in the apache logs.


Running spacewalk-2.3 on CentOS6 with pgsql-8.4.


Regards,
Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5031 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20150512/b922e565/attachment.p7s>