[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Ask about CSRF. Always get error when edit phrases Editor



Hi David,
You said I can delete auto.js file and will get new version of
auto-3.4.0.js that has the CSRF protection code. If I delete the file, how
exactly I can get new auto-3.4.0.js that has the CSRF protection code?

Thank you

Regards,
Agung PW

On Thu, Jul 23, 2020 at 7:59 PM David R Newman via Eprints-tech <
eprints-tech at ecs.soton.ac.uk> wrote:

> Hi Agung Prasetyo Wibowo,
>
> This could be one of two issues:
>
> 1. You have updated lib directory versions of the various JavaScript files
> that are patched in the two GitHub links you included but there are other
> versions that take precedence so these changes will not propagate through
> to the version at *MailScanner has detected a possible fraud attempt from
> "hostname" claiming to be* http://HOSTNAME/javascript/auto-3.4.0.js
> <http://HOSTNAME/javascript/auto-3.4.0.js>.  Look for files with the same
> name in the equivalent pub_lib, site_lib or archives/ARCHIVE_NAME
> directories.
>
> 2. auto-3.4.0.js is still cached and you need to hard refresh the page to
> get these changes to come.  I have tried doing this as I know your
> repository hostname (i.e. Ctrl+Shift+R for a hard refresh) and this seems
> to make no difference and I cannot find the string 'csrf' anywhere in
> auto-3.4.0.js.  One other issue with caching might be that
> archives/ARCHIVE_NAME/html/en/javascript/auto.js and the files in
> archives/ARCHIVE_NAME/html/en/javascript/auto/ cannot be overwritten due to
> a file permission issues.  If you delete all these files, this may resolve
> the issue and give you the new version of auto-3.4.0.js that has the CSRF
> protection code.
>
> Regards
>
> David Newman
> On 23/07/2020 09:13, Ajunk Pracetio via Eprints-tech wrote:
>
> Hi,
> I'd like to ask. My EPrints version is 3.4. I want to edit one of the
> field on phrases editor, but always get error
>
> *Cross-Site Request Forgery (CSRF) was detected whilst processing your
> last request and therefore its action was not authorised. *
>
> The screenshot like this :
> [image: image.png]
> I already try
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F95ed6bee24fb3c138ada80684f0503e54f739c41&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=j9TpvvuOveoBOkwmtUB9DShIHVYd%2BkDi%2BstaGijVEjw%3D&amp;reserved=0
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F95ed6bee24fb3c138ada80684f0503e54f739c41&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=j9TpvvuOveoBOkwmtUB9DShIHVYd%2BkDi%2BstaGijVEjw%3D&amp;reserved=0>
> and
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=CCIQDFiPODBopI8YkygyX%2B6GLZaCcQqdb4DwOQYLX2M%3D&amp;reserved=0
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=CCIQDFiPODBopI8YkygyX%2B6GLZaCcQqdb4DwOQYLX2M%3D&amp;reserved=0>,
> but error still persists.
>
> Please help about this issue.
>
> Thank you.
>
> Best regards,
> Agung Prasetyo Wibowo.
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=Q60PLBe%2BX83Ssj1erIGtV%2B1aloLh%2BzBOZb2eh0fQ8Zg%3D&amp;reserved=0 <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=Q60PLBe%2BX83Ssj1erIGtV%2B1aloLh%2BzBOZb2eh0fQ8Zg%3D&amp;reserved=0>
> *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=l16MKqtGjRKBJ4%2BzFtubjiS76osWE5xVhyDCpAoUKB4%3D&amp;reserved=0 <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=l16MKqtGjRKBJ4%2BzFtubjiS76osWE5xVhyDCpAoUKB4%3D&amp;reserved=0>
>
>
>
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=ZJy5C803IvRCy6JC%2FQfe7tdykPrInB3x4Magp2neLB0%3D&amp;reserved=0> Virus-free.
> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=Vwn9qha%2FPNfAHcBN8mQl8YkCOT%2FTUUZZS264fmZCgEY%3D&amp;reserved=0
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=ZJy5C803IvRCy6JC%2FQfe7tdykPrInB3x4Magp2neLB0%3D&amp;reserved=0>
> <#m_3887228293821871781_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=Q60PLBe%2BX83Ssj1erIGtV%2B1aloLh%2BzBOZb2eh0fQ8Zg%3D&amp;reserved=0
> *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C66e34de9f2eb4d14b5b408d83097689c%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=l16MKqtGjRKBJ4%2BzFtubjiS76osWE5xVhyDCpAoUKB4%3D&amp;reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20200725/82907512/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 23116 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20200725/82907512/attachment-0001.png