[BlueOnyx:24914] ALMA BlueOnyx 5210r CSRF issue weirdness.

Fungal Style wayin at hotmail.com
Sat Apr 17 05:58:14 -05 2021


Hi all, just sharing with you my current experience…

I set up a couple of new VMs, ALMA ran through real nice, then enabling the API also worked with standard settings…

Then I set up a third VM (I archived one as it was just as a backup whilst I was shuffling vsites from a server vm having issues and I have now archived it also)… then I got major issues.

I found if I:

  *   Installed Alma
  *   Set up IP config in cli
  *   Ran yum update
  *   Set up via BO IP address to set passwords etc.

The CSRF would fail for me (often on the web setting up stage on the last page). If I got through to the normal BO console and tried to enable the API, it would fail with a message about CSRF, yet if I was to disable it in the console settings section, it would still give the same message. The messages log would also say it failed due to invalid key (or similar, I did not take too much notice as it was frustrating me, as around 24 hours earlier I did not have an issue with 2 new VMs).

So I thought about it and checked my notes of the steps I did originally… I noticed I set up the web interface prior to the yum update… Got me to thinking… then I tried by nuking and paving the new VM.

  *   Installed Alma
  *   Set up IP config in cli
  *   Set up via BO IP address to set passwords etc.
  *   Tried to enable API, it failed with the red banner again complaining about CSRF token
  *   Had yet to run the yum update

So then I ran the yum update and then tried to enable the API, and it enabled it without an error.

To me it looks like something is amiss with the CSRF settings: if you do the yum update prior to the web setup step, it seems to stop the API being enabled (and maybe other issues). This may have been the issue I was having previously, for which Michael suggested a way to completely disable the CSRF, but I did not need to go to that extreme, although it looks like something gets messed up if the steps are done in the wrong order. I did get in the habit of running the yum update after setting the IP address etc. in the cli, but noticed it does not prompt for that now with ALMA (currently).

Just popping it on the mailing list in case anyone else is banging their head against the wall like I was, as I was following what I thought was exactly the same steps with the same ISO, so could not figure out what I was doing different till I read my notes that I did the yum update in a different order to the rest of the items.

When I get a moment I will see if I can replicate the issue once again, just got a few things to do as I do want to test the WHMCS linking again, now I got the API enabled on a couple of servers.

Regards
Brian

