You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jspwiki.apache.org by Jim Wise <jw...@draga.com> on 2022/08/04 14:50:37 UTC
CSRF protection causing errors in previews
I just updated to 2.11.3, and it appears that the recent CSRC protection fixes are interfering with previews.
When editing pages, I see this in the preview pane:
Accompanied by this in Catalina.out:
[ERROR] 2022-08-04 10:43:29.379 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] o.a.w.h.f.CsrfProtectionFilter - Incorrect X-XSRF-TOKEN param with value 'null' received for null
Are others seeing this? Is there a workaround?
Thanks,
--
Jim Wise (he/him)
jwise@draga.com
Re: CSRF protection causing errors in previews
Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.
Hi Jim,
Glad it helped; right now I think the only way to trigger it is clearing
the cache, as the file doesn't change too much (IIRC, it's the first change
on that file in 8 or 10 releases or something like that). Would you mind
filling a jira so we don't forget about the proposed improvement?
thanks + best regards,
juan pablo
El jue, 4 ago 2022 17:38, Jim Wise <jw...@draga.com> escribió:
> Clearing cache did it.
>
> Is there any way to trigger this via header if the cached data is from a
> previous version?
>
> Thanks,
> --
> Jim Wise (he/him)
> jwise@draga.com
>
>
>
>
>
> > On Aug 4, 2022, at 10:58, Juan Pablo Santos Rodríguez <
> juanpablo.santos@gmail.com> wrote:
> >
> > Hi Jim,
> >
> > Most probably is a caching issue, please try to empty your browser's
> cache and retry, that should be all that is needed.
> >
> > If you have a custom template, please ensure that all <form>s (and your
> commonheader.jsp fine) contain a wiki:CsrfProtection custom tag, there's a
> note with examples in the NewIn2.11 page.
> >
> >
> > HTH,
> > juan pablo
> >
> > El jue, 4 ago 2022 16:51, Jim Wise <jwise@draga.com <mailto:
> jwise@draga.com>> escribió:
> > I just updated to 2.11.3, and it appears that the recent CSRC protection
> fixes are interfering with previews.
> >
> > When editing pages, I see this in the preview pane:
> >
> >
> >
> > Accompanied by this in Catalina.out:
> >
> > [ERROR] 2022-08-04 10:43:29.379 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2]
> o.a.w.h.f.CsrfProtectionFilter - Incorrect X-XSRF-TOKEN param with value
> 'null' received for null
> >
> > Are others seeing this? Is there a workaround?
> >
> > Thanks,
> > --
> > Jim Wise (he/him)
> > jwise@draga.com <ma...@draga.com>
> >
> >
> >
> >
> >
> > <PastedGraphic-2.png>
>
>
Re: CSRF protection causing errors in previews
Posted by Jim Wise <jw...@draga.com>.
Clearing cache did it.
Is there any way to trigger this via header if the cached data is from a previous version?
Thanks,
--
Jim Wise (he/him)
jwise@draga.com
> On Aug 4, 2022, at 10:58, Juan Pablo Santos Rodríguez <ju...@gmail.com> wrote:
>
> Hi Jim,
>
> Most probably is a caching issue, please try to empty your browser's cache and retry, that should be all that is needed.
>
> If you have a custom template, please ensure that all <form>s (and your commonheader.jsp fine) contain a wiki:CsrfProtection custom tag, there's a note with examples in the NewIn2.11 page.
>
>
> HTH,
> juan pablo
>
> El jue, 4 ago 2022 16:51, Jim Wise <jwise@draga.com <ma...@draga.com>> escribió:
> I just updated to 2.11.3, and it appears that the recent CSRC protection fixes are interfering with previews.
>
> When editing pages, I see this in the preview pane:
>
>
>
> Accompanied by this in Catalina.out:
>
> [ERROR] 2022-08-04 10:43:29.379 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] o.a.w.h.f.CsrfProtectionFilter - Incorrect X-XSRF-TOKEN param with value 'null' received for null
>
> Are others seeing this? Is there a workaround?
>
> Thanks,
> --
> Jim Wise (he/him)
> jwise@draga.com <ma...@draga.com>
>
>
>
>
>
> <PastedGraphic-2.png>
Re: CSRF protection causing errors in previews
Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.
Hi Jim,
Most probably is a caching issue, please try to empty your browser's cache
and retry, that should be all that is needed.
If you have a custom template, please ensure that all <form>s (and your
commonheader.jsp fine) contain a wiki:CsrfProtection custom tag, there's a
note with examples in the NewIn2.11 page.
HTH,
juan pablo
El jue, 4 ago 2022 16:51, Jim Wise <jw...@draga.com> escribió:
> I just updated to 2.11.3, and it appears that the recent CSRC protection
> fixes are interfering with previews.
>
> When editing pages, I see this in the preview pane:
>
>
>
> Accompanied by this in Catalina.out:
>
> *[ERROR]* 2022-08-04 10:43:29.379 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2]
> o.a.w.h.f.CsrfProtectionFilter - Incorrect X-XSRF-TOKEN param with value
> 'null' received for null
>
> Are others seeing this? Is there a workaround?
>
> Thanks,
> --
> Jim Wise (he/him)
> jwise@draga.com
>
>
>
>
>
>