[EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- Subject: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor
- From: yurj at alfa.it (Yuri)
- Date: Mon, 27 Jul 2020 09:15:41 +0200
with generate_static?
On 25/07/20 14:36, Ajunk Pracetio via Eprints-tech wrote:
> Hi David,
> You said I can delete the auto.js file and will get a new version of
> auto-3.4.0.js that has the CSRF protection code. If I delete the file,
> how exactly can I get the new auto-3.4.0.js that has the CSRF protection
> code?
>
> Thank you
>
> Regards,
> Agung PW
>
> On Thu, Jul 23, 2020 at 7:59 PM David R Newman via Eprints-tech
> <eprints-tech at ecs.soton.ac.uk> wrote:
>
> Hi Agung Prasetyo Wibowo,
>
> This could be one of two issues:
>
> 1. You have updated lib directory versions of the various
> JavaScript files that are patched in the two GitHub links you
> included but there are other versions that take precedence so
> these changes will not propagate through to the version at
> http://HOSTNAME/javascript/auto-3.4.0.js. Look for files with
> the same name in the equivalent pub_lib, site_lib or
> archives/ARCHIVE_NAME directories.
>
> 2. auto-3.4.0.js is still cached and you need to hard refresh the
> page to get these changes to come. I have tried doing this as I
> know your repository hostname (i.e. Ctrl+Shift+R for a hard
> refresh) and this seems to make no difference and I cannot find
> the string 'csrf' anywhere in auto-3.4.0.js. One other issue with
> caching might be that
> archives/ARCHIVE_NAME/html/en/javascript/auto.js and the files in
> archives/ARCHIVE_NAME/html/en/javascript/auto/ cannot be
> overwritten due to file permission issues. If you delete all
> these files, this may resolve the issue and give you the new
> version of auto-3.4.0.js that has the CSRF protection code.
>
> Regards
>
> David Newman
>
> On 23/07/2020 09:13, Ajunk Pracetio via Eprints-tech wrote:
>> Hi,
>> I'd like to ask. My EPrints version is 3.4. I want to edit one of
>> the fields in the phrases editor, but always get the error
>>
>> *Cross-Site Request Forgery (CSRF) was detected whilst processing
>> your last request and therefore its action was not authorised. *
>>
>> The screenshot is like this:
>> image.png
>> I already tried
>> https://github.com/eprints/eprints3.4/commit/95ed6bee24fb3c138ada80684f0503e54f739c41
>> and
>> https://github.com/eprints/eprints3.4/commit/6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1,
>> but the error still persists.
>>
>> Please help with this issue.
>>
>> Thank you.
>>
>> Best regards,
>> Agung Prasetyo Wibowo.
>>
>> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>> *** Archive: http://www.eprints.org/tech.php/
>> *** EPrints community wiki: http://wiki.eprints.org/
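The two checks suggested in the quoted reply (same-named JavaScript files in lib, pub_lib, site_lib or archives/ARCHIVE_NAME that may take precedence, and a generated auto.js that lacks the string 'csrf' or cannot be overwritten) can be scripted. This is an added example, not part of the thread and not EPrints code; the install root and archive name are arguments the caller supplies, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not EPrints code). Directory names come from the thread;
# ROOT and ARCHIVE are assumptions supplied by the caller.

# has_csrf FILE: print "yes" if FILE mentions csrf (any case), else "no".
has_csrf() {
    if grep -qi 'csrf' "$1" 2>/dev/null; then echo yes; else echo no; fi
}

# audit_js ROOT ARCHIVE
# Prints MISMATCH for each .js basename whose source copies disagree on
# containing 'csrf' (an unpatched copy may be the one taking precedence), and
# GENERATED lines for problems with the built auto.js. Returns 1 if flagged.
audit_js() {
    root=$1; archive=$2; status=0
    list=$(mktemp)
    gen_dir="$root/archives/$archive/html"
    for dir in lib pub_lib site_lib "archives/$archive"; do
        [ -d "$root/$dir" ] || continue
        # Skip the generated html/ tree; it is checked separately below.
        find "$root/$dir" -path "$gen_dir" -prune -o -type f -name '*.js' -print |
        while read -r f; do
            printf '%s %s %s\n' "$(basename "$f")" "$(has_csrf "$f")" "$f"
        done
    done > "$list"

    # A basename recorded with both "yes" and "no" has an unpatched duplicate.
    for name in $(awk '{ s[$1 " " $2] = 1; n[$1] = 1 }
            END { for (k in n) if (s[k " yes"] && s[k " no"]) print k }' "$list" | sort); do
        echo "MISMATCH $name"
        awk -v n="$name" '$1 == n { print "  csrf=" $2, $3 }' "$list"
        status=1
    done

    gen="$gen_dir/en/javascript/auto.js"
    if [ -f "$gen" ]; then
        if [ "$(has_csrf "$gen")" = no ]; then
            echo "GENERATED no-csrf $gen"; status=1
        fi
        if [ ! -w "$gen" ]; then
            echo "GENERATED not-writable $gen"; status=1
        fi
    fi
    rm -f "$list"
    return $status
}
```

Run it as the account that regenerates the site, since the writability check reflects the calling user's permissions.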