[Spacewalk-list] SP 2.3: Update user details issue

Grant Gainey ggainey at redhat.com
Tue May 12 14:19:51 UTC 2015 

On Tue, 2015-05-12 at 10:58 +0000, Lichtinger, Bernhard wrote:
> Hello,
> 
> > I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I
> encounter an issue when updating user roles. > 1/ I create a new user >
> 2/ I want to give him "Organisation admin" role > 3/ When I click
> Update, I get an error page saying: > HTTP Status 403 - Validation of
> CSRF security token failed > > type Status report > > message
> Validation of CSRF security token failed > > description Access to the
> specified resource (Validation of CSRF security token failed) has been
> forbidden.
> 
> I get the same error with IE11 when I press the button „Select All“
> below the system list of anyone of my system groups.
> 
> Apache log entry: "POST /rhn/groups/ListRemoveSystems.do?sgid=37
> HTTP/1.1" 403 1084
> 
> When I try to select individual hosts via the checkbox in the same
> view, I get an popup with „Unexpected error, please reload the page and
> check server logs"
> 
> Apache log is: "POST /rhn/dwr/call/plaincall/DWRItemSelector.select.dwr
> HTTP/1.1" 200 145 which looks the same as with other browsers.
> 
> Trying to change the prefix in user account details, I get also the
> CSRF error and in apache logs: "POST /rhn/account/UserDetailsSubmit.do
> HTTP/1.1" 403 1084
> 
> All other browsers are working fine, only Internet Explorer has
> problems.

Running on IE11 11.0.9600.17728 on Win7/64, and haven't been able to
reproduce this at all :(

What version of Windows are you on?

> I don’t know if it matters, I have an ipv4/ipv6 dual-stack network. All
> http-requests are done via ipv6, as far as I can see in the apache
> logs.

It *shouldn't* matter - nobody's doing anything that far down in the
networking stack. 

> Running spacewalk-2.3 on CentOS6 with pgsql-8.4.

My spacewalk instance is on F21 and pgsql-9.2 - but again, the DB and OS
aren't really involved in the CRSF-validity decision.

I'm really puzzled :(

G

> Regards, Bernhard _______________________________________________
> Spacewalk-list mailing list Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

-- 
Grant Gainey
Principal Software Engineer, Red Hat Satellite

More information about the Spacewalk-list mailing list