[Spacewalk-list] SP 2.3: Update user details issue

Wed May 6 18:23:18 UTC 2015

Hello,
I've tried with IE 10 and Chrome, with the same result.
I've also checked that the same issue appeared when using the satellite
administrator account.
I'll keep searching, but as i don't have any log, it is not easy.

Pierre

2015-05-06 17:50 GMT+02:00 Grant Gainey <ggainey at redhat.com>:

> ----- Original Message -----
> > Hello list,
> > I've upgraded to spacewalk 2.3 (server on rhel 6, pgsql 8.4) and I
> encounter
> > an issue when updating user roles.
> > 1/ I create a new user
> > 2/ I want to give him "Organisation admin" role
> > 3/ When I click Update, I get an error page saying:
> > HTTP Status 403 - Validation of CSRF security token failed
> >
> > type Status report
> >
> > message Validation of CSRF security token failed
> >
> > description Access to the specified resource (Validation of CSRF security
> > token failed) has been forbidden.
> >
> > 4/ I click back in my browser, add Org admin role again, click update, it
> > works...
> >
> > Using spacecmd, it works.
> >
> > I can't find a single error log in /var/log...
> >
> > Does anyone encounters the same issue?
>
> CSRF-token is there to help prevent XSS attacks; it's a token generated
> per-page-refresh, and validated early in the HTTP process. I've only seen
> CSRF_val fail when my session had timed out or was otherwise invalid.
>
> spacecmd will never throw this, since it's a web-ui-only construct.
>
> I haven't been able to reproduce under Chrome against my 2.3 box. What
> browser are you using?
>
> G
> --
> Grant Gainey
> Principal Software Engineer, Red Hat Satellite
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20150506/1be39167/attachment.htm>