EPrints Technical Mailing List Archive
Message: #08267
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
Re: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- To: EDER Norbert via Eprints-tech <eprints-tech@ecs.soton.ac.uk>, David R Newman <drn@ecs.soton.ac.uk>
- Subject: Re: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- From: Ajunk Pracetio <prazetyo@gmail.com>
- Date: Fri, 24 Jul 2020 15:00:39 +0700
*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-techHi Agung Prasetyo Wibowo,
This could be one of two issues:
1. You have updated lib directory versions of the various _javascript_ files that are patched in the two GitHub links you included but there are other versions that take precedence so these changes will not propagate through to the version at MailScanner has detected a possible fraud attempt from "hostname" claiming to be http://HOSTNAME/_javascript_/auto-3.4.0.js. Look for files with the same name in the equivalent pub_lib, site_lib or archives/ARCHIVE_NAME directories.
2. auto-3.4.0.js is still cached and you need to hard refresh the page to get these changes to come. I have tried doing this as I know your repository hostname (i.e. Ctrl+Shift+R for a hard refresh) and this seems to make no difference and I cannot find the string 'csrf' anywhere in auto-3.4.0.js. One other issue with caching might be that archives/ARCHIVE_NAME/html/en/_javascript_/auto.js and the files in archives/ARCHIVE_NAME/html/en/_javascript_/auto/ cannot be overwritten due to a file permission issues. If you delete all these files, this may resolve the issue and give you the new version of auto-3.4.0.js that has the CSRF protection code.
Regards
David Newman
On 23/07/2020 09:13, Ajunk Pracetio via Eprints-tech wrote:
Hi,I'd like to ask. My EPrints version is 3.4. I want to edit one of the field on phrases editor, but always get error
Cross-Site Request Forgery (CSRF) was detected whilst processing your last request and therefore its action was not authorised.
The screenshot like this :
I already try https://github.com/eprints/eprints3.4/commit/95ed6bee24fb3c138ada80684f0503e54f739c41 and https://github.com/eprints/eprints3.4/commit/6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1, but error still persists.
Please help about this issue.
Thank you.
Best regards,Agung Prasetyo Wibowo.
*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech *** Archive: http://www.eprints.org/tech.php/ *** EPrints community wiki: http://wiki.eprints.org/
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
- Follow-Ups:
- Re: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- From: Ajunk Pracetio <prazetyo@gmail.com>
- Re: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- References:
- [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- From: Ajunk Pracetio <prazetyo@gmail.com>
- Re: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- From: David R Newman <drn@ecs.soton.ac.uk>
- Re: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- From: Ajunk Pracetio <prazetyo@gmail.com>
- [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- Prev by Date: Re: [EP-tech] making "abstract" a part of the embargoed information
- Next by Date: Re: [EP-tech] Charts Visualization on IRStats - Abstract Pages - Chrome
- Previous by thread: [EP-tech] Sort view with creators_name and corp_creators
- Index(es):