Forum OpenACS Q&A: getting a Cross-Site Request Forgery error on openacs.org

Collapse
1: getting a Cross-Site Request Forgery error on openacs.org
Posted by Brian Fenton on 11/21/16 04:14 PM
Hi

I was trying to search the API Doc at http://www.openacs.org/api-doc but I'm getting the following error:

Invalid request token (potential Cross-Site Request Forgery)

Collapse
2: Re: getting a Cross-Site Request Forgery error on openacs.org (response to 1)
Posted by Gustaf Neumann on 11/22/16 10:16 AM
Thanks for noting. should be fixed by now.
Collapse
3: Re: getting a Cross-Site Request Forgery error on openacs.org (response to 1)
Posted by Brian Fenton on 11/22/16 10:20 AM
Yeah, looks good. Many thanks!

Brian

Collapse
4: Re: getting a Cross-Site Request Forgery error on openacs.org (response to 1)
Posted by Brian Fenton on 11/22/16 10:26 AM
Actually, I spoke too soon - there is one case where it's still occurring. If you search the API Doc for e.g. "cookie", the error occurs when you click on the "Show | Hide 5 deprecated procedure matches" link.

Brian

Collapse
5: Re: getting a Cross-Site Request Forgery error on openacs.org (response to 1)
Posted by Gustaf Neumann on 11/22/16 10:42 AM
also fixed. the first bug was a new one, the second one was a old one.
Collapse
6: Re: getting a Cross-Site Request Forgery error on openacs.org (response to 1)
Posted by Brian Fenton on 11/22/16 10:45 AM
Fast turnaround! Thank you!

Brian