
[EP-tech] Ask about CSRF. Always get error when edit phrases Editor



Hi David,

Thank you for your help. I will try to look at this file and will confirm
again in this group.

Best regards,
Agung Prasetyo W.

On Thu, Jul 23, 2020 at 7:59 PM David R Newman via Eprints-tech <
eprints-tech at ecs.soton.ac.uk> wrote:

> Hi Agung Prasetyo Wibowo,
>
> This could be one of two issues:
>
> 1. You have updated lib directory versions of the various JavaScript files
> that are patched in the two GitHub links you included but there are other
> versions that take precedence so these changes will not propagate through
> to the version at http://HOSTNAME/javascript/auto-3.4.0.js.  Look for files
> with the same name in the equivalent pub_lib, site_lib or
> archives/ARCHIVE_NAME directories.
>
> 2. auto-3.4.0.js is still cached and you need to hard refresh the page to
> get these changes to come.  I have tried doing this as I know your
> repository hostname (i.e. Ctrl+Shift+R for a hard refresh) and this seems
> to make no difference and I cannot find the string 'csrf' anywhere in
> auto-3.4.0.js.  One other issue with caching might be that
> archives/ARCHIVE_NAME/html/en/javascript/auto.js and the files in
> archives/ARCHIVE_NAME/html/en/javascript/auto/ cannot be overwritten due to
> a file permission issue.  If you delete all these files, this may resolve
> the issue and give you the new version of auto-3.4.0.js that has the CSRF
> protection code.
>
> Regards
>
> David Newman
> On 23/07/2020 09:13, Ajunk Pracetio via Eprints-tech wrote:
>
> Hi,
> I'd like to ask. My EPrints version is 3.4. I want to edit one of the
> fields in the phrases editor, but I always get the error
>
> *Cross-Site Request Forgery (CSRF) was detected whilst processing your
> last request and therefore its action was not authorised. *
>
> The screenshot looks like this:
> [image: image.png]
> I already tried
> https://github.com/eprints/eprints3.4/commit/95ed6bee24fb3c138ada80684f0503e54f739c41
> and
> https://github.com/eprints/eprints3.4/commit/6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1,
> but the error still persists.
>
> Please help with this issue.
>
> Thank you.
>
> Best regards,
> Agung Prasetyo Wibowo.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 23116 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20200724/95a70f68/attachment-0001.png
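
The two checks suggested in the quoted reply (find same-named copies of a patched JavaScript file in other layers, and see whether the generated auto.js contains the string 'csrf'), as an added example that is not part of the original thread or EPrints' own code. The function names and the file name in the usage line are hypothetical; the archives/ARCHIVE_NAME/html/en/javascript/auto.js path is the one given in the reply.

```shell
#!/bin/sh
# Added example: report which copies of a JavaScript file carry the CSRF patch.

# shadow_report EPRINTS_ROOT FILE_NAME
# Lists every file called FILE_NAME anywhere under EPRINTS_ROOT (lib, pub_lib,
# site_lib, archives/..., wherever they sit) and marks whether each copy
# contains the string 'csrf'. A NO_CSRF copy outside lib/ is a candidate for
# the "other version that takes precedence" described in the reply.
shadow_report() {
    root=$1
    name=$2
    find "$root" -type f -name "$name" 2>/dev/null | sort |
    while IFS= read -r f; do
        if grep -qi 'csrf' -- "$f"; then
            status=HAS_CSRF
        else
            status=NO_CSRF
        fi
        # Print the path relative to the EPrints root.
        printf '%s %s\n' "$status" "${f#"$root"/}"
    done
}

# generated_has_csrf EPRINTS_ROOT ARCHIVE_NAME
# Succeeds (exit 0) only if the generated, served auto.js for that archive
# contains 'csrf'. A failure after patching points at a stale generated file,
# for example one that could not be overwritten because of its permissions.
generated_has_csrf() {
    grep -qi 'csrf' -- "$1/archives/$2/html/en/javascript/auto.js" 2>/dev/null
}

# Usage (hypothetical file name): sh check.sh /opt/eprints3 ARCHIVE_NAME 99_example.js
if [ "$#" -ge 3 ]; then
    shadow_report "$1" "$3"
    if generated_has_csrf "$1" "$2"; then
        echo "generated auto.js: HAS_CSRF"
    else
        echo "generated auto.js: NO_CSRF (stale or unpatched)"
    fi
fi
```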