Defect #16895
closed
Can't verify CSRF token authenticity on IE9 with Alias
Description
Dear Redmine team,
I have a strange behavior/issue during the user connection with IE9 (not tested on other IE versions) when I use the alias, but it's OK with the hostname.
I have an LDAP connection to an AD directory.
No issue with other web browsers like Firefox or Chrome (alias and hostname OK).
Only one plugin and no change if I remove it.
- Environment:
Redmine version 2.5.1.stable
Ruby version 1.9.3-p484 (2013-11-22) [x86_64-linux]
Rails version 3.2.17
Environment production
Database adapter Mysql2
SCM:
Subversion 1.6.11
Filesystem
Redmine plugins:
redmine_issue_templates 0.0.8
- Web access: Alias & HTTPS
- Apache conf:
Two virtual hosts for Redmine, and the same behavior for each one
<VirtualHost *:443>
ServerName UCC_redmine.XXX.corp:443
DocumentRoot /home/apache/html/redmine-2.5.1/public/
<Directory "/home/apache/html/redmine-2.5.1/public/">
Options Indexes ExecCGI FollowSymLinks
Order allow,deny
Allow from all
AllowOverride all
</Directory>
ErrorLog /var/log/httpd/redmine_ssl_error.log
TransferLog /var/log/httpd/redmine_ssl_access.log
CustomLog /var/log/httpd/redmine_ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogLevel info
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /home/apache/html/redmine-2.5.1/config/cert/UCC_redmine.XXX.corp.crt
SSLCertificateKeyFile /home/apache/html/redmine-2.5.1/config/cert/UCC_redmine.XXX.corp.key
</VirtualHost>
- Logs:
IE - hostname - OK
Started POST "/login" for @IPUSER at 2014-05-15 17:54:32 +0200
Processing by AccountController#login as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"6EoJDRXhaE9kXwqD1W+POIhu49K6o+jjW+8aS45C0CU=", "back_url"=>"https://m01a8-fript02/", "username"=>"USERID", "password"=>"[FILTERED]", "login"=>"Connexion »"}
Current user: anonymous
Successful authentication for 'USERID' from @IPUSER at 2014-05-15 15:54:33 UTC
Redirected to https://m01a8-fript02/
Completed 302 Found in 211.2ms (ActiveRecord: 4.2ms)
IE - Alias - KO
Started POST "/login" for @IPUSER at 2014-05-15 17:57:27 +0200
Processing by AccountController#login as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"6FEa0BYyKvsz0JLRcpwA5qfE01BOxKrX6Ymdlz3tf0U=", "back_url"=>"https://ucc_redmine.XXX.corp/", "username"=>"USERID", "password"=>"[FILTERED]", "login"=>"Connexion »"}
WARNING: Can't verify CSRF token authenticity
Rendered common/error.html.erb within layouts/base (0.6ms)
Filter chain halted as :verify_authenticity_token rendered or redirected
Completed 422 Unprocessable Entity in 8.4ms (Views: 7.7ms | ActiveRecord: 0.0ms)
FF - OK
Started POST "/login" for @IPUSER at 2014-05-15 17:46:41 +0200
Processing by AccountController#login as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"U8IhNNVpo+KHuF5T5DwXkEtNnSk0dDgc6KQUaDyPHIU=", "back_url"=>"https://ucc_redmine.XXX.corp/", "username"=>"USERID", "password"=>"[FILTERED]", "login"=>"Connexion »"}
Current user: anonymous
Successful authentication for 'USERID' from @IPUSER at 2014-05-15 15:46:41 UTC
Could not redirect to invalid URL https://ucc_redmine.XXX.corp/
Redirected to https://ucc_redmine.XXX.corp/my/page
Completed 302 Found in 385.2ms (ActiveRecord: 5.4ms)
Thanks in advance for your feedback!!!
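A triage check for logs like the ones above, added here as an example (it is not part of the original report or of Redmine): it groups Rails log lines per request and flags CSRF failures whose `back_url` host is not a valid RFC 952/1123 hostname. Internet Explorer does not store cookies for hostnames containing an underscore, so the session cookie that the authenticity token is checked against is never sent back. `SAMPLE_LOG`, `valid_hostname?` and `triage` are names chosen for this example, and the sample log is constructed from the excerpts in the report.

```ruby
# Constructed sample, abbreviated from the log excerpts in the report above.
SAMPLE_LOG = <<~LOG
  Started POST "/login" for @IPUSER at 2014-05-15 17:54:32 +0200
  Parameters: {"back_url"=>"https://m01a8-fript02/", "username"=>"USERID"}
  Completed 302 Found in 211.2ms (ActiveRecord: 4.2ms)
  Started POST "/login" for @IPUSER at 2014-05-15 17:57:27 +0200
  Parameters: {"back_url"=>"https://ucc_redmine.XXX.corp/", "username"=>"USERID"}
  WARNING: Can't verify CSRF token authenticity
  Completed 422 Unprocessable Entity in 8.4ms (Views: 7.7ms | ActiveRecord: 0.0ms)
LOG

# One DNS label per RFC 952/1123: letters, digits, inner hyphens; no underscore.
LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i

def valid_hostname?(host)
  return false if host.nil? || host.empty? || host.length > 253
  host.split('.', -1).all? { |label| label.match?(LABEL) }
end

# Group log lines into requests and record host, CSRF failure and status.
def triage(log)
  requests = []
  log.each_line do |line|
    current = requests.last
    case line
    when /^Started (\S+) "([^"]+)"/
      requests << { verb: $1, path: $2, host: nil, csrf_failed: false, status: nil }
    when /"back_url"=>"https?:\/\/([^\/":]+)/
      current[:host] = $1 if current
    when /Can't verify CSRF token authenticity/
      current[:csrf_failed] = true if current
    when /^Completed (\d{3})/
      current[:status] = $1.to_i if current
    end
  end
  requests.each { |r| r[:host_valid] = valid_hostname?(r[:host]) }
end

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE_LOG).each do |r|
    note = r[:csrf_failed] && !r[:host_valid] ? 'CSRF failure on non-RFC hostname' : 'ok'
    puts format('%-22s status=%s %s', r[:host], r[:status], note)
  end
end
```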