[BlueOnyx:24993] Re: CSRF mismatch
Michael Stauber
mstauber at blueonyx.it
Tue Jul 13 12:13:40 -05 2021
Hi Jonathan,
> i have a problem with BlueOnyx-5210R-AlmaLinux-8.4-20210701
>
> When i installed the server and want to finish the web wizard it always
> leads to -> CSRF mismatch: The action you have requested is not allowed.
I just tested an install off that ISO again and I don't get that error.
When I hit "Finish" at the last page of the Wizard, I'm redirected to
the login page as my session has expired. Which in my case is related
with the server time (date and time zone) not complying with the
timestamp in the authentication cookie.
Then I can login just normally without any CSRF issues.
But I suspect your session doesn't or isn't expired and then you get the
CSRF error.
I'll revise the mechanism once again and will force session expiry at
the end of the Wizard so that you'll always have to take the round trip
via the login page instead of going directly from Wizard to >
/swupdate/news without authentication.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list