https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292011-03-11T15:49:18ZRedmineRedmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262752011-03-11T15:49:18ZEtienne Massip
<ul></ul><p>What Rails version are you using, with what server ?</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262762011-03-11T15:53:57ZAnonymous
<ul></ul><p>ruby 1.8.6 (2009-06-08 patchlevel 369) [i586-linux]<br />Rails 2.3.11<br />rake 0.8.7 (oups, should be 1.1.0)</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262772011-03-11T15:55:21ZAnonymous
<ul></ul><p>Sorry : <br />rack (1.1.0)<br />rails (2.3.11)<br />rake (0.8.7)</p>
<p>So its ok for rake.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262782011-03-11T15:56:23ZEtienne Massip
<ul></ul><p>Mongrel ?</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262802011-03-11T15:59:53ZAnonymous
<ul></ul><p>No, i am using Apache2 / Passenger 2.2.8</p>
<p>I do not have the problem if i check the auto login box within the login screen.</p>
<p>And i did not have the problem with Redmine 1.1.0 (Apache2/Passenger 2.2.4).</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262852011-03-11T16:13:15ZEtienne Massip
<ul></ul><p>1.1.0 with Rails 2.3.11 too ?</p>
<p>I hit what seems to be the same problem little time ago with Rails 2.3.11, I thought that was due to a mongrel monkey patch : <a class="external" href="http://www.redmine.org/issues/7688#note-6">http://www.redmine.org/issues/7688#note-6</a>.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262902011-03-11T17:03:59ZAnonymous
<ul></ul><p>No i was using 1.1.0 with Rails 2.3.5.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262922011-03-11T17:23:15ZEtienne Massip
<ul><li><strong>Target version</strong> set to <i>1.2.0</i></li></ul><p>Copied from <a class="external" href="http://www.redmine.org/issues/7688#note-6">http://www.redmine.org/issues/7688#note-6</a> (note 6 of <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Defect: Redmine's trunk (rails 2.3.11) doesn't work with Mongrel 1.1.x (Closed)" href="https://www.redmine.org/issues/7688">#7688</a>) :</p>
<p>Hit a bug with AJAX which I supposed is due to this path but not necessarily :</p>
<p>After some time of use, an AJAX request like parent task auto-complete lookup or adding a new category / version directly from the issue form will perform well but the next request (e.g. new parent task lookup or issue submission) will redirect the user to the login page (with a 401 "non authorized" HTTP error code).</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262932011-03-11T17:23:41ZEtienne Massip
<ul><li><strong>Subject</strong> changed from <i>Add a relation between issues = explicit login window !</i> to <i>Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)</i></li></ul> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=262942011-03-11T17:35:33ZEtienne Massip
<ul><li><strong>Affected version (unused)</strong> changed from <i>1.1.2</i> to <i>devel</i></li><li><strong>Affected version</strong> deleted (<del><i>1.1.2</i></del>)</li></ul><p>Changed affected version to devel as 1.1.2 requires Rails 2.3.5.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=263472011-03-13T18:52:46ZEtienne Massip
<ul><li><strong>Category</strong> set to <i>Rails support</i></li></ul> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=263662011-03-14T10:41:22ZEtienne Massip
<ul></ul><p>This happens only if autologin is enabled in settings and not checked in authentication form (no autologin cookie).</p>
<p>This is easily reproducible with local WEBrick even though the server behavior differs a bit : instead of returning a 401, leading the browser to prompt the basic auth form, XHR returns a 200 each time and browsing out to another page will redirect the user to web authentication form.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=263752011-03-14T11:22:49ZEtienne Massip
<ul></ul><p>Just discovered that <code>protect_from_forgery</code> is active in <code>application_controller</code>.</p>
<p>From RoR 2.3.11 release news :<br /><pre>
There are two steps to ensuring that your application sends the CSRF Token with every ajax request.
Providing the token in a meta tag, then ensuring your javascript reads those values and provides them with each request.
The first step involves you including the csrf_meta_tag helper somewhere in your application’s layout.
Rails 3 applications likely already include this helper, however it has now been backported to the 2.3.x series.
</pre></p>
<p>Guess it's the issue, will make some more tests.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=263762011-03-14T11:48:06ZEtienne Massip
<ul><li><strong>File</strong> <a href="/attachments/5570">ajax_session_reset.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/5570/ajax_session_reset.patch">ajax_session_reset.patch</a> added</li></ul><p>Here's a patch which apply what is said <a href="http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails" class="external">here</a> in "Upgrade process".</p>
<p>Works for me.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=263952011-03-14T18:49:49ZBrian Kinder
<ul></ul><p>Confirmed. Patch works great. Thanks!</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=264042011-03-14T21:32:34ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Patch committed in <a class="changeset" title="Send the CSRF token with Ajax requests (#7843). Contributed by Etienne Massip." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/5134">r5134</a>. Thanks for digging into this issue.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=267262011-03-22T17:10:33ZLeonardo Vieira
<ul><li><strong>Status</strong> changed from <i>Closed</i> to <i>Reopened</i></li></ul><p>I was with this problem until i saw this bug report and applied the solution myself.<br />Using Redmine version 1.1.2 <a class="changeset" title="scm: set mime type in downloading file." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/5210">r5210</a>, when using 1.1.1 i didn't have such a problem.<br />I'm using Rails version 2.3.11, and Rack version 1.1.0.<br />Was the patch removed in later updates for some reason?</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=267362011-03-22T18:58:19ZEtienne Massip
<ul></ul><p>1.1.1 or 1.1.2 stable do not support Rails 2.3.11.</p>
<p>Since this is a javascript issue, make that the latest <code>application.js</code> has replaced the previous one in your browser's cache.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=274192011-03-31T12:42:51ZEtienne Massip
<ul><li><strong>Status</strong> changed from <i>Reopened</i> to <i>Closed</i></li></ul><p>No feedback and nobody else has been reporting this issue since the fix has been committed to trunk.</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=285562011-05-02T20:46:36ZChris Wolf
<ul></ul><p>Etienne Massip wrote:</p>
<blockquote>
<p>1.1.1 or 1.1.2 stable do not support Rails 2.3.11.</p>
<p>Since this is a javascript issue, make that the latest <code>application.js</code> has replaced the previous one in your browser's cache.</p>
</blockquote>
<p>So what is "1.1.2 stable"? That phrase is not mentioned in the compatablity <br />matrix on this page, which I used to guide my installation:</p>
<p><a class="external" href="http://www.redmine.org/projects/redmine/wiki/RedmineInstall">http://www.redmine.org/projects/redmine/wiki/RedmineInstall</a></p>
<p>Is "1.1.2 stable" the same as "trunk from <a class="changeset" title="Upgraded to Rails 2.3.4 (#3597) * Ran the Rails upgrade * Upgraded to Rails Engines 2.3.2 * Adde..." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/2887">r2887</a> to <a class="changeset" title="Added Persian translation contributed by Behrang Noroozinia (#7418)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/4903">r4903</a>"? Should I downgrade to Rail-2.3.5? Or should I keep Rails-2.3.11 and apply "ajax_session_reset.patch" from this issue?</p> Redmine - Defect #7843: Add a relation between issues = explicit login window ! (basic authentication popup is prompted on AJAX request)https://www.redmine.org/issues/7843?journal_id=334582011-11-02T11:06:34ZOliver Maurhart
<ul></ul><p>We installed Redmine 1.1.2 and applied the given patch.</p>
<p>Now adding a related issue works again ... but delete/remove related issues does now pop up the same explicit login window.</p>