EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #07884
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
Re: [EP-tech] indexer and csrf problem
- To: "Newman D.R." <drn@ecs.soton.ac.uk>, "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
- Subject: Re: [EP-tech] indexer and csrf problem
- From: Werner Hack <werner.hack@uni-ulm.de>
- Date: Wed, 12 Jun 2019 10:20:20 +0200
Hi David, the "Storage Manager" is now showing up with your quick fix. Regarding the indexer, maybe there was an Edit Lock and I was too impatient :) I see some messages about this issue in the indexer logfile. Thanks for your support. Regards Werner On 6/11/19 4:12 PM, Newman D.R. wrote:
Hi Werner, Regarding the CSRF issue, you need to edit line 14 of: EPRINTS_PATH/lib/static/javascript/screen_admin_storagemanager.js and change it from: method: "post", to method: "get", I am not sure why this need to be a post rather than a get as it seems to work fine as a get. I will make sure that this patch is added to GitHub so that it becomes part of the next EPrints 3.4 release. Regards David Newman On Tue, 2019-06-11 at 14:42 +0100, David R Newman wrote:Hi Werner, Regarding the indexer issue, the most likely reason is there is an edit lock on the EPrint record. This will happen if someone is editing the record. This could just be someone loading the edit page and then never hitting either the "Cancel" or "Save and Return". If this is the case the task in the indexer will have a status of "Waiting". If it has some other status then their may be another issue. Usually I will try setting the tasks status back to waiting (you need not change the scheduled time for the task) and see if it succeeds next time it tries to run. Edit locks should only last a short-ish time and the indexer task will usually get rescheduled for ten minutes later and run without issue if no one has tried to start editing this record again. You can go the Actions tab of the EPrint record and click on a button to remove the edit lock if it somehow gets stuck. Regarding the CSRF issue, this is something that has only recently been added. It is intended to protect against Cross Site Request Forgery; basically another site trying to submit some malicious request whilst you are logged into EPrints. It looks like in the case of the Storage Manager this does not work as expected. I.e. it thinks something malicious is going on, when it is not. I will take a look on my own 3.4.1 instance and get back to you. Regards David Newman On Tue, 2019-06-11 at 15:23 +0200, Werner Hack via Eprints-tech wrote:Hi all, I am new to eprints. I recently installed eprints 3.4.1. But I encountered some issues while testing the software. I hope you can help me. o If I want to deposit an article and put the item into the live repository, the indexer starts some jobs but they keep pending forever. Restarting the indexer has no effect. If I do a reindex with the epadmin command, everthing is ok and the pending jobs are resolved. Any idea what happens here? What can I do? o If I enter the "Storage Manager" as Admin in the Config Tools, I get the following error message: Cross-Site Request Forgery (CSRF) was detected whilst processing your last request and therefore its action was not authorised. Have I missed some configuration? Any hints are appreciated Thanks in advance Werner *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprint s- tech *** Archive: http://www.eprints.org/tech.php/ *** EPrints community wiki: http://wiki.eprints.org/ *** EPrints developers Forum: http://forum.eprints.org/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- Follow-Ups:
- Re: [EP-tech] indexer and csrf problem
- From: Werner Hack <werner.hack@uni-ulm.de>
- Re: [EP-tech] indexer and csrf problem
- References:
- [EP-tech] indexer and csrf problem
- From: Werner Hack <werner.hack@uni-ulm.de>
- Re: [EP-tech] indexer and csrf problem
- From: Werner Hack <werner.hack@uni-ulm.de>
- [EP-tech] indexer and csrf problem
- Prev by Date: Re: [EP-tech] indexer and csrf problem
- Next by Date: [EP-tech] Adding Buttons to Admin Screen
- Previous by thread: [EP-tech] EPrints/CRIS
- Next by thread: [EP-tech] DOI handling in orcid_support_advance
- Index(es):