CSRF errors on including LDAP Users

celso.lom · January 31, 2017, 08:18:46 PM

I received CSRF error on including user from LDAP. I tried with Chrome, Firefox, Opera, Vivaldi and Edge. Any help about?

celso.lom · January 31, 2017, 08:47:59 PM

I recharge https://hostname/system_usermanager_import_ldap.php and try again. Works! But appear to be a bug.

franco · January 31, 2017, 09:00:53 PM

Hi,

Thanks for your report. What is your version? 17.1?

Can you give a bit more detail about the steps to reproduce?

CSRF handling was replaced rather late in the development track of 17.1 so I guess this is where we need to look.

Cheers,
Franco

celso.lom · January 31, 2017, 09:20:16 PM

I have added a Active Directory Server to auth, tested OK.
1 - On the select page to add new user from LDAP (https://hostname/system_usermanager_import_ldap.php), i select the user and save. CSRF error returned.
2 - I recharge the page and select user again and save, saves well.

I tried with 2 diferent computers (Windows 10 and Mint 18), with Chrome, Firefox, Vivaldi, Opera and Edge.

It's a pleasure to help!

PS: Sorry about my english.

franco · January 31, 2017, 09:24:04 PM

No worries and thanks for the explanation. We will track it down this week and post an update.

Cheers,
Framco

franco · February 02, 2017, 10:03:54 PM

Will be fixed in 17.1.1: https://github.com/opnsense/core/commit/f20640d0b69113

Cheers,
Franco

CSRF errors on including LDAP Users

celso.lom

January 31, 2017, 08:18:46 PM Last Edit: January 31, 2017, 08:32:43 PM by celso.lom

celso.lom

January 31, 2017, 08:47:59 PM #1

franco

January 31, 2017, 09:00:53 PM #2

celso.lom

January 31, 2017, 09:20:16 PM #3 Last Edit: January 31, 2017, 09:23:23 PM by celso.lom

franco

January 31, 2017, 09:24:04 PM #4

franco

February 02, 2017, 10:03:54 PM #5