EPrints Technical Mailing List Archive

Message: #08271



Re: [EP-tech] Ask about CSRF. Always get error when edit phrases Editor


with generate_static?

On 25/07/20 14:36, Ajunk Pracetio via Eprints-tech wrote:
Hi David,
You said I can delete the auto.js file and will get a new version of auto-3.4.0.js that has the CSRF protection code. If I delete the file, how exactly can I get the new auto-3.4.0.js that has the CSRF protection code?

Thank you

Regards,
Agung PW

On Thu, Jul 23, 2020 at 7:59 PM David R Newman via Eprints-tech <eprints-tech@ecs.soton.ac.uk> wrote:

    Hi Agung Prasetyo Wibowo,

    This could be one of two issues:

    1. You have updated lib directory versions of the various
    JavaScript files that are patched in the two GitHub links you
    included but there are other versions that take precedence so
    these changes will not propagate through to the version at
    http://HOSTNAME/javascript/auto-3.4.0.js.  Look for files with
    the same name in the equivalent pub_lib, site_lib or
    archives/ARCHIVE_NAME directories.

    2. auto-3.4.0.js is still cached and you need to hard refresh the
    page to get these changes to come.  I have tried doing this as I
    know your repository hostname (i.e. Ctrl+Shift+R for a hard
    refresh) and this seems to make no difference and I cannot find
    the string 'csrf' anywhere in auto-3.4.0.js.  One other issue with
    caching might be that
    archives/ARCHIVE_NAME/html/en/javascript/auto.js and the files in
    archives/ARCHIVE_NAME/html/en/javascript/auto/ cannot be
    overwritten due to file permission issues.  If you delete all
    these files, this may resolve the issue and give you the new
    version of auto-3.4.0.js that has the CSRF protection code.

    Regards

    David Newman

    On 23/07/2020 09:13, Ajunk Pracetio via Eprints-tech wrote:
    Hi,
    I'd like to ask. My EPrints version is 3.4. I want to edit one of
    the fields in the phrases editor, but I always get the error

    *Cross-Site Request Forgery (CSRF) was detected whilst processing
    your last request and therefore its action was not authorised. *

    The screenshot looks like this:
    image.png
    I already tried
    https://github.com/eprints/eprints3.4/commit/95ed6bee24fb3c138ada80684f0503e54f739c41
    and
    https://github.com/eprints/eprints3.4/commit/6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1,
    but the error still persists.

    Please help with this issue.

    Thank you.

    Best regards,
    Agung Prasetyo Wibowo.

    *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
    *** Archive: http://www.eprints.org/tech.php/
    *** EPrints community wiki: http://wiki.eprints.org/
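
The two checks suggested in the thread (finding same-named copies under lib, pub_lib, site_lib and archives/ARCHIVE_NAME, and searching each for the string 'csrf') can be scripted. This is an added example, not part of the original messages and not EPrints code; the function names are hypothetical, and the EPrints root directory, archive name and file name are arguments the caller supplies.

```sh
#!/bin/sh
# Added example (not EPrints code). The only layout assumed is the set of
# top-level directories named in the thread; everything below them is found
# by file name.

# audit_js_copies ROOT ARCHIVE_NAME FILE_NAME
# Prints one line per copy of FILE_NAME:
#   "<csrf|no-csrf> <writable|read-only> <path>"
# The match on 'csrf' is case-insensitive. "read-only" is relative to the
# user running the script, so run it as the account that writes the files.
audit_js_copies() {
    for ajc_dir in "$1/lib" "$1/pub_lib" "$1/site_lib" "$1/archives/$2"; do
        [ -d "$ajc_dir" ] || continue
        find "$ajc_dir" -type f -name "$3" | sort |
        while IFS= read -r ajc_path; do
            if grep -qi 'csrf' -- "$ajc_path"; then
                ajc_mark=csrf
            else
                ajc_mark=no-csrf
            fi
            if [ -w "$ajc_path" ]; then
                ajc_perm=writable
            else
                ajc_perm=read-only
            fi
            printf '%s %s %s\n' "$ajc_mark" "$ajc_perm" "$ajc_path"
        done
    done
}

# stale_copies ROOT ARCHIVE_NAME FILE_NAME
# Lists only the copies that lack 'csrf'. Returns 1 if any exist, else 0.
stale_copies() {
    sc_out=$(audit_js_copies "$1" "$2" "$3" | grep '^no-csrf ' | cut -d' ' -f3-)
    if [ -z "$sc_out" ]; then
        return 0
    fi
    printf '%s\n' "$sc_out"
    return 1
}

# Command-line use: sh audit.sh EPRINTS_ROOT ARCHIVE_NAME FILE_NAME
if [ "$#" -eq 3 ]; then
    audit_js_copies "$1" "$2" "$3"
fi
```

Any path reported by `stale_copies` is a copy that could still be served or merged into auto-3.4.0.js without the CSRF patch, and a `read-only` entry under archives/ARCHIVE_NAME matches the file permission problem described in point 2.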