<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>Hi Agung PW,</p>
<p>Although the filename as it appears in the HTML source is
auto-3.4.0.js, the actual file that is loaded is
EPRINTS_PATH/archives/ARCHIVE_NAME/html/en/javascript/auto.js and
this is the file you need to delete. EPrints does some clever URL
rewriting to load auto.js rather than trying to load auto-3.4.0.js
that won't exist. The reason for this is so that if you upgrade
EPrints the filename in the HTML source will change one with the
new version number and ensure you do no use the cached JavaScript
from the old version. auto.js is generated by concatenating all
the files in lib/static/javascript/auto/
flavours/pub_lib/static/javascript/auto/ and
archives/ARCHIVE_NAME/cfg/static/javascript/. If any file appears
in more the one directory the one included in auto.js comes from
the later directory. This is why I said that one issue might be
that you updated the files in lib/static/javascript/auto/ but you
might have versions of these files in
archives/ARCHIVE_NAME/cfg/static/javascript/ and these would be
used in the concatenated auto.js, so would still not fix your
missing CSRF protection code issue.</p>
<p>Regards</p>
<p>David Newman<br>
</p>
<div class="moz-cite-prefix">On 25/07/2020 13:36, Ajunk Pracetio
wrote:<br>
</div>
<blockquote type="cite" cite="mid:CACOEPmPqvFWOhUipnUFjRbHjN=BUb9FjSgy6mRObqop4A=PPfA@mail.gmail.com">
<div dir="ltr">
<div>Hi David,</div>
<div>You said I can delete auto.js file and will get new version
of auto-3.4.0.js that has the CSRF protection code. If I
delete the file, how exactly I can get new auto-3.4.0.js that
has the CSRF protection code? <br>
</div>
<div><br>
</div>
<div>Thank you</div>
<div><br>
</div>
<div>Regards,</div>
<div>Agung PW<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jul 23, 2020 at 7:59
PM David R Newman via Eprints-tech <<a href="mailto:eprints-tech@ecs.soton.ac.uk" moz-do-not-send="true">eprints-tech@ecs.soton.ac.uk</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi Agung Prasetyo Wibowo,</p>
<p>This could be one of two issues:</p>
<p>1. You have updated lib directory versions of the various
JavaScript files that are patched in the two GitHub links
you included but there are other versions that take
precedence so these changes will not propagate through to
the version at <a href="http://HOSTNAME/javascript/auto-3.4.0.js" target="_blank" moz-do-not-send="true"><font color="red"><b>MailScanner
has detected a possible fraud attempt from
"hostname" claiming to be</b></font>
http://HOSTNAME/javascript/auto-3.4.0.js</a>. Look for
files with the same name in the equivalent pub_lib,
site_lib or archives/ARCHIVE_NAME directories. <br>
</p>
<p>2. auto-3.4.0.js is still cached and you need to hard
refresh the page to get these changes to come. I have
tried doing this as I know your repository hostname (i.e.
Ctrl+Shift+R for a hard refresh) and this seems to make no
difference and I cannot find the string 'csrf' anywhere in
auto-3.4.0.js. One other issue with caching might be that
archives/ARCHIVE_NAME/html/en/javascript/auto.js and the
files in archives/ARCHIVE_NAME/html/en/javascript/auto/
cannot be overwritten due to a file permission issues. If
you delete all these files, this may resolve the issue and
give you the new version of auto-3.4.0.js that has the
CSRF protection code.</p>
<p>Regards</p>
<p>David Newman<br>
</p>
<div>On 23/07/2020 09:13, Ajunk Pracetio via Eprints-tech
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi,</div>
<div>I'd like to ask. My EPrints version is 3.4. I want
to edit one of the field on phrases editor, but always
get error</div>
<div><br>
</div>
<div> <b>Cross-Site Request Forgery (CSRF) was detected
whilst processing your last request and therefore
its action was not authorised. </b><br>
</div>
<div><br>
</div>
<div>The screenshot like this :</div>
<div>
<div><img src="cid:part3.2941F7EB.6AEA3A93@ecs.soton.ac.uk" alt="image.png" class="" width="541" height="67"><br>
</div>
<div>I already try <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F95ed6bee24fb3c138ada80684f0503e54f739c41&data=01%7C01%7C%7C1b9e510c52b8459e58f008d8309f6ce1%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=DbGBxRGO%2F4pP7hWTQxIKGXUe9rfaZSCDCtk%2BaCepdP4%3D&reserved=0" originalSrc="https://github.com/eprints/eprints3.4/commit/95ed6bee24fb3c138ada80684f0503e54f739c41" shash="mik849m9TTuktrxmeuo/8b/SYM123AFLZPpcTaL0Wp8hQID0QxG1emnbebPyys4LwRr6ydQbPp8RM7WG45wzr2rnzIqim+kV6cmdqfeQm6ZaW+232BCQ/QwaitHGGtRESUSq+IgftLisJtf/PDliLq5QclECyRwTmZJBSQLSVHM=" originalsrc="https://github.com/eprints/eprints3.4/commit/95ed6bee24fb3c138ada80684f0503e54f739c41" shash="w7rS4YDLimimxmtloEjEld4PYWw/QWa9XapVBe5JouTaR3VWZ+g9WJEXGRI+7ZP8oljpLl4InDgQtBOVoAExX5BIbsgoz5JVT8C4tJdDbqxZfDesNSu8Xjh3+X5aKbfs+AeV53I/TuBxqqFctloaGEiHnqjGdFxgMZwP6LyeEyc=" target="_blank" moz-do-not-send="true">https://github.com/eprints/eprints3.4/commit/95ed6bee24fb3c138ada80684f0503e54f739c41</a>
and <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fcommit%2F6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1&data=01%7C01%7C%7C1b9e510c52b8459e58f008d8309f6ce1%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=mia4u07bheCl8J26%2BRtRmgD1%2FA1dsVtamZPGceQn42c%3D&reserved=0" originalSrc="https://github.com/eprints/eprints3.4/commit/6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1" shash="ZL3D8lOTpOXOy18q8pYfFBwomXF7pN+G8c2rvU988xuwDLLIvaJV+3eNM2HtjAOxfVBwrcn15Q/1NV3fnXCze+SBF9z5SNTXuKAi8uJb/oSvlBBV61fmzOWP2DnD9DxgvkgH7P49b67zmtlmUAGW60xCna0+V2XVWETgBjHQXds=" originalsrc="https://github.com/eprints/eprints3.4/commit/6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1" shash="nGwgtYgn+A1nJxPNh6+IQkLHnZ2Ydn8eFSfEMUPPmJqYj11uK+a3c4I+IyuV6ZJAhfaAWxiW0PkchCseCEhXor+Zo7tH6FnHcWfTjtIEQeEBMGm7VopedtBzShbX9UjbgC/A2/0ZsZM0bUJ3q6wNv4px1TUkvg5mhpLDbhtHc0Q=" target="_blank" moz-do-not-send="true">https://github.com/eprints/eprints3.4/commit/6968a5690ccd01f6ffe819a5a626ebe3b04c9ed1</a>,
but error still persists.</div>
<div><br>
</div>
<div>Please help about this issue.</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br>
</div>
<div>Best regards,</div>
<div>Agung Prasetyo Wibowo.<br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>*** Options: <a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech" target="_blank" moz-do-not-send="true">http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech</a>
*** Archive: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=01%7C01%7C%7C1b9e510c52b8459e58f008d8309f6ce1%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=b7w1Ze3CoiZ4W8RtenF%2FfeMu9gu%2BX2XrDwCXci5rO38%3D&reserved=0" originalSrc="http://www.eprints.org/tech.php/" shash="lkaZ+pRitv5L2RLShZH98bWyurqYrzPK7J8yG2p7RC1PZBgDMcn3Lg1olPDVZxnBr1D9oijv+gB+5luYQfs5fR8dzsr/6g7HJLYfQXZ5tN7Gu21D9YmAkpYgY8QIbI0Yh0NOvKVytE4tfA7FIjYs7qmNMA23Cp+liMclsMx2Ky8=" originalsrc="http://www.eprints.org/tech.php/" shash="Xwu7M4YVoPvlsggaF1a1Wp0r2zeBw/JJ1D6AyrT9Lok/3jYz8NR19V+WLwg2JXpyIu+6KMWlPvBlfWMN4q1o29K1FRiMTSIhwrgImXd/7h42jIURgQxPnXVfylvzymkV109gn6NmRhOvgHj1d7ZpAvFf7TsOiN/rEHUZhkmj7Fc=" target="_blank" moz-do-not-send="true">http://www.eprints.org/tech.php/</a>
*** EPrints community wiki: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=01%7C01%7C%7C1b9e510c52b8459e58f008d8309f6ce1%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=Ymw5kdm19tzzVLdlhxYNg914E%2BZ2l6mjzW2de3rr9zQ%3D&reserved=0" originalSrc="http://wiki.eprints.org/" shash="v9AkSgGEa4H6ITJeD9oPW3qpjWJ1fTbTxvMJOlThP5hgLWGNIvctJXRaqYOjzEwS/bDJEK3LPjW9qJD/7ceB9N8hAsYJs3uyswPY0pk11dlstun2Kbam58hci01UZyhCexborbGlUSVPmi5sWEnrSxEFtzVasFSN/Fi0lopJ6Xs=" originalsrc="http://wiki.eprints.org/" shash="rDavvc0P2muoVPcQBHoisC6LfQ9Z5jFS/wzdd8CyedPaMfXvGQ4NkWqD+ENRjO0MYRQdBNzgVDO1VBvgrYZAaou6HVsb4XPWEMXhvnNezUkm+DcNGZSXPJnjENQo6yDUn/vDfefvnlMW5QTGf/lTuaNTKDogYONqjDu4NezIOWs=" target="_blank" moz-do-not-send="true">http://wiki.eprints.org/</a></pre>
</blockquote>
<div id="gmail-m_3887228293821871781DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br>
<table style="border-top:1px solid rgb(211,212,222)">
<tbody>
<tr>
<td style="width:55px;padding-top:13px"><a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&data=01%7C01%7C%7C1b9e510c52b8459e58f008d8309f6ce1%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=dFmXz7cyXuBNrIHfAk0sJZztXtaEQ0KLc1aCDlNlJ5w%3D&reserved=0" originalSrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="lqN4kExbRyR6sQRINMEWNUPN79QZ56YIDgla5CcG2IxCMUftPt3BsCYgG9QjWY+ZtQ5HvXcoq4p91BEAgHRghBZIPg5qRJYMdXcSwJj2HhDe0x6YBm1rj6P5e5citAXJsAjaQKKRJFk3q9GHSJ6y+bxt2LqgyuN+yZv5qBBXhA4=" originalsrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="xlIennVK9Sy8hiTkMXd2sn96DpR1toOlNFAX4gP6QbZ6xzHrJ7I8x7XYVsB8eGYXp9aD2A/k/dvTV0lor3BcFe1DxXM0Ft97YW1sjXeo12BfEXC9ZCLDB6DdLiprqV6HLXvyyLXabtnccbxfuPuUqjY0sNF3YBG7D8HoLbP9QK0=" target="_blank" moz-do-not-send="true"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png" alt="" style="width: 46px; height: 29px;" moz-do-not-send="true" width="46" height="29"></a></td>
<td style="width:470px;padding-top:12px;color:rgb(65,66,78);font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Virus-free.
<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&data=01%7C01%7C%7C1b9e510c52b8459e58f008d8309f6ce1%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=dFmXz7cyXuBNrIHfAk0sJZztXtaEQ0KLc1aCDlNlJ5w%3D&reserved=0" originalSrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="lqN4kExbRyR6sQRINMEWNUPN79QZ56YIDgla5CcG2IxCMUftPt3BsCYgG9QjWY+ZtQ5HvXcoq4p91BEAgHRghBZIPg5qRJYMdXcSwJj2HhDe0x6YBm1rj6P5e5citAXJsAjaQKKRJFk3q9GHSJ6y+bxt2LqgyuN+yZv5qBBXhA4=" originalsrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="xlIennVK9Sy8hiTkMXd2sn96DpR1toOlNFAX4gP6QbZ6xzHrJ7I8x7XYVsB8eGYXp9aD2A/k/dvTV0lor3BcFe1DxXM0Ft97YW1sjXeo12BfEXC9ZCLDB6DdLiprqV6HLXvyyLXabtnccbxfuPuUqjY0sNF3YBG7D8HoLbP9QK0=" style="color:rgb(68,83,234)" target="_blank" moz-do-not-send="true">www.avg.com</a> </td>
</tr>
</tbody>
</table>
<a href="#m_3887228293821871781_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1" moz-do-not-send="true"> </a></div>
</div>
*** Options: <a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech" rel="noreferrer" target="_blank" moz-do-not-send="true">http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech</a><br>
*** Archive: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=01%7C01%7C%7C1b9e510c52b8459e58f008d8309f6ce1%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=b7w1Ze3CoiZ4W8RtenF%2FfeMu9gu%2BX2XrDwCXci5rO38%3D&reserved=0" originalSrc="http://www.eprints.org/tech.php/" shash="lkaZ+pRitv5L2RLShZH98bWyurqYrzPK7J8yG2p7RC1PZBgDMcn3Lg1olPDVZxnBr1D9oijv+gB+5luYQfs5fR8dzsr/6g7HJLYfQXZ5tN7Gu21D9YmAkpYgY8QIbI0Yh0NOvKVytE4tfA7FIjYs7qmNMA23Cp+liMclsMx2Ky8=" originalsrc="http://www.eprints.org/tech.php/" shash="Xwu7M4YVoPvlsggaF1a1Wp0r2zeBw/JJ1D6AyrT9Lok/3jYz8NR19V+WLwg2JXpyIu+6KMWlPvBlfWMN4q1o29K1FRiMTSIhwrgImXd/7h42jIURgQxPnXVfylvzymkV109gn6NmRhOvgHj1d7ZpAvFf7TsOiN/rEHUZhkmj7Fc=" rel="noreferrer" target="_blank" moz-do-not-send="true">http://www.eprints.org/tech.php/</a><br>
*** EPrints community wiki: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=01%7C01%7C%7C1b9e510c52b8459e58f008d8309f6ce1%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=Ymw5kdm19tzzVLdlhxYNg914E%2BZ2l6mjzW2de3rr9zQ%3D&reserved=0" originalSrc="http://wiki.eprints.org/" shash="v9AkSgGEa4H6ITJeD9oPW3qpjWJ1fTbTxvMJOlThP5hgLWGNIvctJXRaqYOjzEwS/bDJEK3LPjW9qJD/7ceB9N8hAsYJs3uyswPY0pk11dlstun2Kbam58hci01UZyhCexborbGlUSVPmi5sWEnrSxEFtzVasFSN/Fi0lopJ6Xs=" originalsrc="http://wiki.eprints.org/" shash="rDavvc0P2muoVPcQBHoisC6LfQ9Z5jFS/wzdd8CyedPaMfXvGQ4NkWqD+ENRjO0MYRQdBNzgVDO1VBvgrYZAaou6HVsb4XPWEMXhvnNezUkm+DcNGZSXPJnjENQo6yDUn/vDfefvnlMW5QTGf/lTuaNTKDogYONqjDu4NezIOWs=" rel="noreferrer" target="_blank" moz-do-not-send="true">http://wiki.eprints.org/</a></blockquote>
</div>
</blockquote>
</body>
</html>