Uploaded image for project: 'University of Michigan'
  1. University of Michigan
  2. UMICH-723

Exclude Gradtools from CSRF

    Details

      Description

      Rackham can no longer upload student lists via the "Gradtools Administration: Dissertation Upload" page - analysis of the logs shows that it is being blocked by over-zealous CSRF processing.
      2013-01-08 12:36:59,532 [ajp-apr-127.0.0.1-8009-exec-22] WARN org.sakaiproject.cheftool.VelocityPortletPaneledAction - CSRF Token mismatched or missing on velocity action: doUpload; toolId=ctools.dissertation.upload

      We need to exclude gradtools from this processing as follows:

      velocity.csrf.insecure.tools.count=2
      velocity.csrf.insecure.tools.2=ctools.dissertation.upload

      We may also need to exclude other gradtool tools: ctools.dissertation, ctools.aboutGradTools, ctools.gradToolsHelp

        Gliffy Diagrams

          Zeplin

            Attachments

              Activity

                People

                Assignee:
                zqian Zhen Qian
                Reporter:
                bkirschn Beth Kirschner
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: