[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Ask about CSRF. Always get error when edit phrases Editor

Subject: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
From: drn at ecs.soton.ac.uk (David R Newman)
Date: Thu, 23 Jul 2020 13:57:06 +0100
In-reply-to: <EMEW3|31abb7849faae3b48864cf64ebdbb07cw6M9Gw14eprints-tech-bounces|ecs.soton.ac.uk|CACOEPmOmOMHem7cvPiwNse-LjsWwo5fCXYktNkteqKRFMjw_hw@mail.gmail.com>
References: <CACOEPmOmOMHem7cvPiwNse-LjsWwo5fCXYktNkteqKRFMjw_hw@mail.gmail.com> <CACOEPmOmOMHem7cvPiwNse-LjsWwo5fCXYktNkteqKRFMjw_hw@mail.gmail.com> <EMEW3|31abb7849faae3b48864cf64ebdbb07cw6M9Gw14eprints-tech-bounces|ecs.soton.ac.uk|CACOEPmOmOMHem7cvPiwNse-LjsWwo5fCXYktNkteqKRFMjw_hw@mail.gmail.com> <41a6f184-cbe3-0958-54d0-4749658c3afb@ecs.soton.ac.uk>

Hi Agung Prasetyo Wibowo,

This could be one of two issues:

1. You have updated lib directory versions of the various JavaScript 
files that are patched in the two GitHub links you included but there 
are other versions that take precedence so these changes will not 
propagate through to the version at 
http://HOSTNAME/javascript/auto-3.4.0.js.? Look for files with the same 
name in the equivalent pub_lib, site_lib or archives/ARCHIVE_NAME 
directories.

2. auto-3.4.0.js is still cached and you need to hard refresh the page 
to get these changes to come.? I have tried doing this as I know your 
repository hostname (i.e. Ctrl+Shift+R for a hard refresh) and this 
seems to make no difference and I cannot find the string 'csrf' anywhere 
in auto-3.4.0.js.? One other issue with caching might be that 
archives/ARCHIVE_NAME/html/en/javascript/auto.js and the files in 
archives/ARCHIVE_NAME/html/en/javascript/auto/ cannot be overwritten due 
to a file permission issues.? If you delete all these files, this may 
resolve the issue and give you the new version of auto-3.4.0.js that has 
the CSRF protection code.

Regards

David Newman

On 23/07/2020 09:13, Ajunk Pracetio via Eprints-tech wrote:
> Hi,
> I'd like to ask. My EPrints version is 3.4. I want to edit one of the 
> field on phrases editor, but always get error
>
> *Cross-Site Request Forgery (CSRF) was detected whilst processing your 
> last request and therefore its action was not authorised. *
>
> The screenshot like this :
> image.png
> I already try 
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F95ed6bee24fb3c138ada80684f0503e54f739c41&amp;data=01%7C01%7C%7C2e35c975617c4535a81408d82f07e769%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=HC7lX7Wuz%2FAKihxgbNOIXc%2F%2Br968W0BShkf2kJwnh8M%3D&amp;reserved=0 
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F95ed6bee24fb3c138ada80684f0503e54f739c41&amp;data=01%7C01%7C%7C2e35c975617c4535a81408d82f07e769%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=HC7lX7Wuz%2FAKihxgbNOIXc%2F%2Br968W0BShkf2kJwnh8M%3D&amp;reserved=0> 
> and 
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1&amp;data=01%7C01%7C%7C2e35c975617c4535a81408d82f07e769%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=uiy%2B00dZz2dU%2Fdc7dgDdk3nu70vvSILngf6yGNKjqPY%3D&amp;reserved=0 
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1&amp;data=01%7C01%7C%7C2e35c975617c4535a81408d82f07e769%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=uiy%2B00dZz2dU%2Fdc7dgDdk3nu70vvSILngf6yGNKjqPY%3D&amp;reserved=0>, 
> but error still persists.
>
> Please help about this issue.
>
> Thank you.
>
> Best regards,
> Agung Prasetyo Wibowo.
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7C%7C2e35c975617c4535a81408d82f07e769%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=3jyDhBWoas4EkTEKwPF2lMHH3gY%2FX62%2BXRtgp%2BQHQIQ%3D&amp;reserved=0
> *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7C%7C2e35c975617c4535a81408d82f07e769%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=o0IvFdJ%2B6u7dzuAnmJ06eqg72LMHeE3kE4UmZku1Nbw%3D&amp;reserved=0


-- 
This email has been checked for viruses by AVG.
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.avg.com%2F&amp;data=01%7C01%7C%7C2e35c975617c4535a81408d82f07e769%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=05WMrqwWqP6Azav2OCnRrOfw7%2BQyrIZ%2FMlnjOe8VnTU%3D&amp;reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20200723/b9e255ee/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 23116 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20200723/b9e255ee/attachment-0001.png

References:
- [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
  - From: prazetyo at gmail.com (Ajunk Pracetio)

Prev by Date: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
Next by Date: [EP-tech] making "abstract" a part of the embargoed information
Next by thread: [EP-tech] Re: Eprints divisions problem
Index(es):
- Date
- Thread