Project

General

Profile

Actions

Defect #34214

closed

Can't verify CSRF token authenticity

Added by Adriano Bellia about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Ruby support
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

Hi,
I'm embeeding a Redmine page inside a Sharepoint iframe.
It has always worked in the last months, from one month, more or less, when I try to login in Redmine through this page I receive the "Can't verify CSRF token authenticity" error. From outside everything works.

I tried adding the self.allow_forgery_protection = false in the application.rb file, but now, just in the embeeded login page, after putting the credentials I return to the login page. In the redmine log it tells that I'm succesfully loggin in but nothing happens.

Any suggestion ?

Environment:
Redmine version 4.0.3.stable
Ruby version 2.5.5-p157 (2019-03-15) [x86_64-linux]
Rails version 5.2.2.1
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
SCM:
Subversion 1.12.0
Git 2.19.1
Filesystem
Redmine plugins:
nuova_issue 0.0.2
redmine_add_ldap_user_to_group 0.1.0
redmine_auto_assign_group 0.1.1
redmine_editauthor 0.11.0
view_customize 2.5.0

Actions #1

Updated by Adriano Bellia about 4 years ago

  • Status changed from New to Resolved

For now in my environment it seems resolved.

What I did is changing the called URL in the embeeding page. They are in the same domain but I was calling just the site name and the browser was giving error on the certificate

Actions #2

Updated by Holger Just about 4 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF