[EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- From: prazetyo at gmail.com (Ajunk Pracetio)
- Date: Sat, 25 Jul 2020 19:36:38 +0700
Hi David,
You said I can delete the auto.js file and will get a new version of
auto-3.4.0.js that has the CSRF protection code. If I delete the file, how
exactly can I get the new auto-3.4.0.js that has the CSRF protection code?
Thank you
Regards,
Agung PW
On Thu, Jul 23, 2020 at 7:59 PM David R Newman via Eprints-tech <
eprints-tech at ecs.soton.ac.uk> wrote:
> Hi Agung Prasetyo Wibowo,
>
> This could be one of two issues:
>
> 1. You have updated lib directory versions of the various JavaScript files
> that are patched in the two GitHub links you included but there are other
> versions that take precedence so these changes will not propagate through
> to the version at http://HOSTNAME/javascript/auto-3.4.0.js. Look for files with the same
> name in the equivalent pub_lib, site_lib or archives/ARCHIVE_NAME
> directories.
>
> 2. auto-3.4.0.js is still cached and you need to hard refresh the page to
> get these changes to come. I have tried doing this as I know your
> repository hostname (i.e. Ctrl+Shift+R for a hard refresh) and this seems
> to make no difference and I cannot find the string 'csrf' anywhere in
> auto-3.4.0.js. One other issue with caching might be that
> archives/ARCHIVE_NAME/html/en/javascript/auto.js and the files in
> archives/ARCHIVE_NAME/html/en/javascript/auto/ cannot be overwritten due to
> a file permission issue. If you delete all these files, this may resolve
> the issue and give you the new version of auto-3.4.0.js that has the CSRF
> protection code.
>
> Regards
>
> David Newman
> On 23/07/2020 09:13, Ajunk Pracetio via Eprints-tech wrote:
>
> Hi,
> I'd like to ask. My EPrints version is 3.4. I want to edit one of the
> fields in the phrases editor, but I always get the error
>
> *Cross-Site Request Forgery (CSRF) was detected whilst processing your
> last request and therefore its action was not authorised. *
>
> The screenshot looks like this:
> [image: image.png]
> I have already tried
> https://github.com/eprints/eprints3.4/commit/95ed6bee24fb3c138ada80684f0503e54f739c41
> and
> https://github.com/eprints/eprints3.4/commit/6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1,
> but the error still persists.
>
> Please help with this issue.
>
> Thank you.
>
> Best regards,
> Agung Prasetyo Wibowo.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 23116 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20200725/82907512/attachment-0001.png
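
The two checks suggested in the quoted reply (same-named JavaScript files in other directories, and whether the generated auto.js contains 'csrf' and can be overwritten) can be scripted as below. This is an added example, not part of the original thread and not EPrints code; the function names are hypothetical, and only the directory names come from the thread.

```shell
#!/bin/sh
# Added example, not EPrints code. Only the directory names (lib, pub_lib,
# site_lib, archives/ARCHIVE_NAME/html/en/javascript) come from the thread;
# the function names are hypothetical.

# has_csrf FILE: "yes" if the string 'csrf' occurs in FILE (any case), else "no".
has_csrf() {
    if grep -qi 'csrf' "$1" 2>/dev/null; then echo yes; else echo no; fi
}

# list_js_copies ROOT ARCHIVE: one "name<TAB>csrf<TAB>path" line per .js source
# file found in the directories named in the thread, sorted by line.
list_js_copies() {
    root=$1; archive=$2
    for layer in lib pub_lib site_lib "archives/$archive"; do
        [ -d "$root/$layer" ] || continue
        # Generated output under html/ is not a source copy; skip it here.
        find "$root/$layer" -type f -name '*.js' \
            ! -path "$root/archives/$archive/html/*"
    done | while IFS= read -r f; do
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$(has_csrf "$f")" "$f"
    done | sort
}

# shadowed_names ROOT ARCHIVE: file names present in more than one place, i.e.
# candidates for an unpatched copy taking precedence over the patched one.
shadowed_names() {
    list_js_copies "$1" "$2" | cut -f1 | sort | uniq -d
}

# check_generated ROOT ARCHIVE: state of the generated auto.js and auto/ that
# the reply suggests deleting when they cannot be overwritten.
check_generated() {
    js_dir="$1/archives/$2/html/en/javascript"
    for p in "$js_dir/auto.js" "$js_dir/auto"; do
        if [ ! -e "$p" ]; then echo "missing $p"
        elif [ -w "$p" ]; then echo "writable $p"
        else echo "not-writable $p"; fi
    done
    if [ -f "$js_dir/auto.js" ]; then
        echo "csrf-in-auto.js $(has_csrf "$js_dir/auto.js")"
    fi
}

# Usage: sh check_csrf_js.sh EPRINTS_ROOT ARCHIVE_NAME
if [ "$#" -eq 2 ]; then
    list_js_copies "$1" "$2"; shadowed_names "$1" "$2"; check_generated "$1" "$2"
fi
```

Run it as the account that regenerates the static files, since the writable check reflects the permissions of whoever runs the script.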