[BlueOnyx:24915] Re: ALMA BlueOnyx 5210r CSRF issue weirdness.
Michael Stauber
mstauber at blueonyx.it
Sat Apr 17 12:53:32 -05 2021
Hi Brian,
> I found if I:
>
> * Installed Alma
> * Setup ip copnfig in cli
> * Ran yum update
> * Setup via BO IP address to set passwords etc.
>
> The CSRF would fail for me (often on the web setting up stage on the
> last page). If I got through to the normal BO console and tried to
> enable the API, it would fail with a message about CSRF
Yeah, the ISOs for 5210R are currently missing the YUM updates for the
API and are also missing the provisions to allow certain IPs (the API
IPs) to bypass CSRF.
So the suggested procedure is to install off the ISO and then YUM update.
To make things easier I'm now rolling up a new 5210R ISO that already
has these updates.
> To me it looks like something is amiss with the CSRF settings if you do
> the yum update prior to the web setup step it seems to stop the API
> being enabled (and maybe other issues).
It's actually the other way around (with or without the updates): On ISO
install CSRF is off. It only gets enabled once the web based setup has
been completed.
> When I get a moment I will see if I can replicate the issue once again,
> just got a few things to do as I do want to test the WHMCS linking
> again, now I got the API enabled on a couple of servers.
Please try the new BlueOnyx-5210R-AlmaLinux-8.3-20210417.iso that I just
rolled up.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list