[EP-tech] indexer and csrf problem
werner.hack at uni-ulm.de
Wed Jun 12 09:20:20 BST 2019
the "Storage Manager" is now showing up with your quick fix.
Regarding the indexer, maybe there was an Edit Lock and I was too impatient :)
I see some messages about this issue in the indexer logfile.
Thanks for your support.
On 6/11/19 4:12 PM, Newman D.R. wrote:
> Hi Werner,
> Regarding the CSRF issue, you need to edit line 14 of:
> and change it from:
> method: "post",
> method: "get",
> I am not sure why this need to be a post rather than a get as it seems
> to work fine as a get.
> I will make sure that this patch is added to GitHub so that it becomes
> part of the next EPrints 3.4 release.
> David Newman
> On Tue, 2019-06-11 at 14:42 +0100, David R Newman wrote:
>> Hi Werner,
>> Regarding the indexer issue, the most likely reason is there is an
>> lock on the EPrint record. This will happen if someone is editing
>> record. This could just be someone loading the edit page and then
>> never hitting either the "Cancel" or "Save and Return". If this is
>> case the task in the indexer will have a status of "Waiting". If it
>> has some other status then their may be another issue. Usually I
>> try setting the tasks status back to waiting (you need not change the
>> scheduled time for the task) and see if it succeeds next time it
>> to run.
>> Edit locks should only last a short-ish time and the indexer task
>> usually get rescheduled for ten minutes later and run without issue
>> no one has tried to start editing this record again. You can go the
>> Actions tab of the EPrint record and click on a button to remove the
>> edit lock if it somehow gets stuck.
>> Regarding the CSRF issue, this is something that has only recently
>> added. It is intended to protect against Cross Site Request Forgery;
>> basically another site trying to submit some malicious request whilst
>> you are logged into EPrints. It looks like in the case of the
>> Manager this does not work as expected. I.e. it thinks something
>> malicious is going on, when it is not. I will take a look on my own
>> 3.4.1 instance and get back to you.
>> David Newman
>> On Tue, 2019-06-11 at 15:23 +0200, Werner Hack via Eprints-tech
>>> Hi all,
>>> I am new to eprints. I recently installed eprints 3.4.1.
>>> But I encountered some issues while testing the software.
>>> I hope you can help me.
>>> o If I want to deposit an article and put the item into the live
>>> the indexer starts some jobs but they keep pending forever.
>>> Restarting the indexer has no effect.
>>> If I do a reindex with the epadmin command, everthing is ok and
>>> the pending
>>> jobs are resolved. Any idea what happens here? What can I do?
>>> o If I enter the "Storage Manager" as Admin in the Config Tools,
>>> I get the following error message:
>>> Cross-Site Request Forgery (CSRF) was detected whilst processing
>>> your last request and therefore its action was not authorised.
>>> Have I missed some configuration?
>>> Any hints are appreciated
>>> Thanks in advance
>>> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprint
>>> *** Archive: http://www.eprints.org/tech.php/
>>> *** EPrints community wiki: http://wiki.eprints.org/
>>> *** EPrints developers Forum: http://forum.eprints.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5308 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20190612/a7da8a05/attachment.bin
More information about the Eprints-tech