[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Ask about CSRF. Always get error when edit phrases Editor



with generate_static?

Il 25/07/20 14:36, Ajunk Pracetio via Eprints-tech ha scritto:
> Hi David,
> You said I can delete auto.js file and will get new version of 
> auto-3.4.0.js that has the CSRF protection code. If I delete the file, 
> how exactly I can get new auto-3.4.0.js that has the CSRF protection 
> code?
>
> Thank you
>
> Regards,
> Agung PW
>
> On Thu, Jul 23, 2020 at 7:59 PM David R Newman via Eprints-tech 
> <eprints-tech at ecs.soton.ac.uk <mailto:eprints-tech at ecs.soton.ac.uk>> 
> wrote:
>
>     Hi Agung Prasetyo Wibowo,
>
>     This could be one of two issues:
>
>     1. You have updated lib directory versions of the various
>     JavaScript files that are patched in the two GitHub links you
>     included but there are other versions that take precedence so
>     these changes will not propagate through to the version at
>     *MailScanner has detected a possible fraud attempt from "hostname"
>     claiming to be* http://HOSTNAME/javascript/auto-3.4.0.js
>     <http://HOSTNAME/javascript/auto-3.4.0.js>.? Look for files with
>     the same name in the equivalent pub_lib, site_lib or
>     archives/ARCHIVE_NAME directories.
>
>     2. auto-3.4.0.js is still cached and you need to hard refresh the
>     page to get these changes to come.? I have tried doing this as I
>     know your repository hostname (i.e. Ctrl+Shift+R for a hard
>     refresh) and this seems to make no difference and I cannot find
>     the string 'csrf' anywhere in auto-3.4.0.js.? One other issue with
>     caching might be that
>     archives/ARCHIVE_NAME/html/en/javascript/auto.js and the files in
>     archives/ARCHIVE_NAME/html/en/javascript/auto/ cannot be
>     overwritten due to a file permission issues.? If you delete all
>     these files, this may resolve the issue and give you the new
>     version of auto-3.4.0.js that has the CSRF protection code.
>
>     Regards
>
>     David Newman
>
>     On 23/07/2020 09:13, Ajunk Pracetio via Eprints-tech wrote:
>>     Hi,
>>     I'd like to ask. My EPrints version is 3.4. I want to edit one of
>>     the field on phrases editor, but always get error
>>
>>     *Cross-Site Request Forgery (CSRF) was detected whilst processing
>>     your last request and therefore its action was not authorised. *
>>
>>     The screenshot like this :
>>     image.png
>>     I already try
>>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F95ed6bee24fb3c138ada80684f0503e54f739c41&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=8p4CUqY4R06qJFmG%2FQYI44C07upTBvm5nczsfcubYSE%3D&amp;reserved=0
>>     <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F95ed6bee24fb3c138ada80684f0503e54f739c41&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=8p4CUqY4R06qJFmG%2FQYI44C07upTBvm5nczsfcubYSE%3D&amp;reserved=0>
>>     and
>>     https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=f0XfHtx4NwBatK20od7cfAL37alwXu8yJEgmxpeGKfk%3D&amp;reserved=0
>>     <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=f0XfHtx4NwBatK20od7cfAL37alwXu8yJEgmxpeGKfk%3D&amp;reserved=0>,
>>     but error still persists.
>>
>>     Please help about this issue.
>>
>>     Thank you.
>>
>>     Best regards,
>>     Agung Prasetyo Wibowo.
>>
>>     *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>>     *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=RPDIK2AwWeGMczAC9a2FcWnEklxwfqwg3VGB10a2or4%3D&amp;reserved=0  <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=RPDIK2AwWeGMczAC9a2FcWnEklxwfqwg3VGB10a2or4%3D&amp;reserved=0>
>>     *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=MoGQ9TpAq6O5PkPGfmg9VNcpMM4v6jYCy8ssXXIRVE0%3D&amp;reserved=0  <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=MoGQ9TpAq6O5PkPGfmg9VNcpMM4v6jYCy8ssXXIRVE0%3D&amp;reserved=0>
>
>     <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=31xh%2Bnm%2FXOYgvbRQRUB2oW6id%2BfcdP0fykmXfHdxYPU%3D&amp;reserved=0>
>     	Virus-free. https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=sZwdKJ7umO6%2BsjlxdXGePqtC0d%2BL2VN4ta%2Bcmix2mzU%3D&amp;reserved=0
>     <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=31xh%2Bnm%2FXOYgvbRQRUB2oW6id%2BfcdP0fykmXfHdxYPU%3D&amp;reserved=0>
>
>
>     <#m_3887228293821871781_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>     *** Options:
>     http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>     *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=RPDIK2AwWeGMczAC9a2FcWnEklxwfqwg3VGB10a2or4%3D&amp;reserved=0
>     <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=RPDIK2AwWeGMczAC9a2FcWnEklxwfqwg3VGB10a2or4%3D&amp;reserved=0>
>     *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=MoGQ9TpAq6O5PkPGfmg9VNcpMM4v6jYCy8ssXXIRVE0%3D&amp;reserved=0
>     <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=MoGQ9TpAq6O5PkPGfmg9VNcpMM4v6jYCy8ssXXIRVE0%3D&amp;reserved=0>
>
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=RPDIK2AwWeGMczAC9a2FcWnEklxwfqwg3VGB10a2or4%3D&amp;reserved=0
> *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C7b8e40ff23b548e9231708d831fce1c3%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=MoGQ9TpAq6O5PkPGfmg9VNcpMM4v6jYCy8ssXXIRVE0%3D&amp;reserved=0