Grouper Users - Open Discussion List

["Hyzer, Chris" <>]

What version and patch level are you running?  Do you have apache in front of tomcat or a load balancer?  How many nodes?  Sticky load balancing?  What browser are you using?  Does it happen for multiple people? Thanks, Chris

 

From: [mailto:] On Behalf Of Jeffrey Crawford
Sent: Wednesday, January 13, 2016 1:10 PM
To: Gouper Users List <>
Subject: [grouper-users] Our Dev system is getting CSRF errors and the ui page is reloading.

 

This is from our dev system. it was working fine and then just started producing the following error and reloading the page when opening folders or groups. It seems to finally catch after a while but It's not clear as to when this started or why it's happening. I've tried clearing cookies and private browsing but it doesn't seem to help.

2016-01-13 10:02:57,449: [TP-Processor12] ERROR CsrfGuardLogger.log(47) -  - potential cross-site request forgery (CSRF) attack thwarted (user:Gxxxxxxxxx, ip:xxx.xxx.xx.x, method:POST, uri:/grouper/grouperUi/app/UiV2Group.viewGroup, error:request token does not match session token)

Any ideas on where to start figuring out what's going on? Our prod isn't doing this but I'm of course a little worried.

Jeffrey

 

Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------