You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@jspwiki.apache.org by Jim Wise <jw...@draga.com> on 2022/08/04 14:50:37 UTC

CSRF protection causing errors in previews

I just updated to 2.11.3, and it appears that the recent CSRC protection fixes are interfering with previews.

When editing pages, I see this in the preview pane:



Accompanied by this in Catalina.out:

 [ERROR] 2022-08-04 10:43:29.379 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] o.a.w.h.f.CsrfProtectionFilter - Incorrect X-XSRF-TOKEN param with value 'null' received for null

Are others seeing this?  Is there a workaround?

Thanks,
-- 
				Jim Wise (he/him)
				jwise@draga.com

Re: CSRF protection causing errors in previews

Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.

Hi Jim,

Glad it helped; right now I think the only way to trigger it is clearing
the cache, as the file doesn't change too much (IIRC, it's the first change
on that file in 8 or 10 releases or something like that). Would you mind
filling a jira so we don't forget about the proposed improvement?


thanks + best regards,
juan pablo

El jue, 4 ago 2022 17:38, Jim Wise <jw...@draga.com> escribió:

> Clearing cache did it.
>
> Is there any way to trigger this via header if the cached data is from a
> previous version?
>
> Thanks,
> --
>                                 Jim Wise (he/him)
>                                 jwise@draga.com
>
>
>
>
>
> > On Aug 4, 2022, at 10:58, Juan Pablo Santos Rodríguez <
> juanpablo.santos@gmail.com> wrote:
> >
> > Hi Jim,
> >
> > Most probably is a caching issue, please try to empty your browser's
> cache and retry, that should be all that is needed.
> >
> > If you have a custom template, please ensure that all <form>s (and your
> commonheader.jsp fine) contain a wiki:CsrfProtection custom tag, there's a
> note with examples in the NewIn2.11 page.
> >
> >
> > HTH,
> > juan pablo
> >
> > El jue, 4 ago 2022 16:51, Jim Wise <jwise@draga.com <mailto:
> jwise@draga.com>> escribió:
> > I just updated to 2.11.3, and it appears that the recent CSRC protection
> fixes are interfering with previews.
> >
> > When editing pages, I see this in the preview pane:
> >
> >
> >
> > Accompanied by this in Catalina.out:
> >
> >  [ERROR] 2022-08-04 10:43:29.379 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2]
> o.a.w.h.f.CsrfProtectionFilter - Incorrect X-XSRF-TOKEN param with value
> 'null' received for null
> >
> > Are others seeing this?  Is there a workaround?
> >
> > Thanks,
> > --
> >                               Jim Wise (he/him)
> >                               jwise@draga.com <ma...@draga.com>
> >
> >
> >
> >
> >
> > <PastedGraphic-2.png>
>
>

Re: CSRF protection causing errors in previews

Posted by Jim Wise <jw...@draga.com>.

Clearing cache did it. 

Is there any way to trigger this via header if the cached data is from a previous version?

Thanks,
-- 
				Jim Wise (he/him)
				jwise@draga.com





> On Aug 4, 2022, at 10:58, Juan Pablo Santos Rodríguez <ju...@gmail.com> wrote:
> 
> Hi Jim,
> 
> Most probably is a caching issue, please try to empty your browser's cache and retry, that should be all that is needed. 
> 
> If you have a custom template, please ensure that all <form>s (and your commonheader.jsp fine) contain a wiki:CsrfProtection custom tag, there's a note with examples in the NewIn2.11 page.
> 
> 
> HTH,
> juan pablo
> 
> El jue, 4 ago 2022 16:51, Jim Wise <jwise@draga.com <ma...@draga.com>> escribió:
> I just updated to 2.11.3, and it appears that the recent CSRC protection fixes are interfering with previews.
> 
> When editing pages, I see this in the preview pane:
> 
> 
> 
> Accompanied by this in Catalina.out:
> 
>  [ERROR] 2022-08-04 10:43:29.379 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] o.a.w.h.f.CsrfProtectionFilter - Incorrect X-XSRF-TOKEN param with value 'null' received for null
> 
> Are others seeing this?  Is there a workaround?
> 
> Thanks,
> -- 
> 				Jim Wise (he/him)
> 				jwise@draga.com <ma...@draga.com>
> 
> 
> 
> 
> 
> <PastedGraphic-2.png>

Re: CSRF protection causing errors in previews

Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.

Hi Jim,

Most probably is a caching issue, please try to empty your browser's cache
and retry, that should be all that is needed.

If you have a custom template, please ensure that all <form>s (and your
commonheader.jsp fine) contain a wiki:CsrfProtection custom tag, there's a
note with examples in the NewIn2.11 page.


HTH,
juan pablo

El jue, 4 ago 2022 16:51, Jim Wise <jw...@draga.com> escribió:

> I just updated to 2.11.3, and it appears that the recent CSRC protection
> fixes are interfering with previews.
>
> When editing pages, I see this in the preview pane:
>
>
>
> Accompanied by this in Catalina.out:
>
>  *[ERROR]* 2022-08-04 10:43:29.379 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2]
> o.a.w.h.f.CsrfProtectionFilter - Incorrect X-XSRF-TOKEN param with value
> 'null' received for null
>
> Are others seeing this?  Is there a workaround?
>
> Thanks,
> --
> Jim Wise (he/him)
> jwise@draga.com
>
>
>
>
>
>