Re: [rt-users] Some users getting CSRF warnings when creating tickets?
On 9/27/16 9:17 AM, Alex Hall wrote:
> That makes me wonder: would having two subdomains do it? I have tickets.domain.com and rt.domain.com both going to the same thing, but rt.autodist.com is the actual domain in the configuration files.

Yes, this would do it. There is a config option to allow you to bypass the CSRF warning for the additional domains:

https://docs.bestpractical.com/rt/4.4.1/RT_Config.html#ReferrerWhitelist

- RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017
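
The situation discussed in this thread, as an added example that is not part of the original posts and is not RT's own code: a simplified Python model of a Referer-based CSRF check with a host:port whitelist, the entry form the linked ReferrerWhitelist documentation uses. It assumes RT is configured as rt.domain.com on port 443 and that a missing Referer is rejected; the function names and sample URLs are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (host, port) for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def referrer_allowed(referer, web_domain, web_port, whitelist=()):
    """Model of the check: the Referer's host:port must equal the configured
    domain and port, or appear in the whitelist as a 'host:port' string.
    Returns (allowed, reason). Rejecting a missing Referer is an assumption."""
    origin = origin_of(referer) if referer else None
    if origin is None:
        return False, "missing or unparseable Referer"
    if origin == (web_domain.lower(), web_port):
        return True, "matches configured domain and port"
    entry = "%s:%d" % origin
    if entry in {w.lower() for w in whitelist}:
        return True, "whitelisted"
    return False, f"{entry} is neither {web_domain}:{web_port} nor whitelisted"


def run_cases():
    """Constructed requests covering the causes raised in the thread."""
    cfg = ("rt.domain.com", 443)
    cases = {
        "canonical host over https": ("https://rt.domain.com/Ticket/Create.html", ()),
        "second subdomain": ("https://tickets.domain.com/Ticket/Create.html", ()),
        "same host over http": ("http://rt.domain.com/Ticket/Create.html", ()),
        "second subdomain, whitelisted": (
            "https://tickets.domain.com/Ticket/Create.html",
            ("tickets.domain.com:443",),
        ),
    }
    return {name: referrer_allowed(ref, *cfg, whitelist=wl)
            for name, (ref, wl) in cases.items()}


if __name__ == "__main__":
    for name, (ok, reason) in run_cases().items():
        print(f"{'ALLOW' if ok else 'WARN ':5}  {name}: {reason}")
```

Only users who enter through the alternate hostname or the other scheme trip the check, which is consistent with some testers seeing the warning while others on the same network do not.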
Re: [rt-users] Some users getting CSRF warnings when creating tickets?
Hey Alex,

We’ve seen this when users are jumping between the http and https versions of our RT instance. Advising everyone to log in at the https address seemed to resolve it for us.

Thanks.

-Sean

From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Alex Hall
Sent: Monday, September 26, 2016 4:07 PM
To: rt-users <rt-users@lists.bestpractical.com>
Subject: [rt-users] Some users getting CSRF warnings when creating tickets?

Hi all,

We're starting to have more people test RT now. Oddly, the two who just started trying it out get CSRF warnings when they try to make or update tickets, while no one else does. They are using Chrome, but so is a guy who is *not* getting the warnings. We're all in the same building, thus on the same network. Any idea why this might be happening? My Nginx log for RT doesn't include anything about this, and my RT log is empty. Thanks.

--
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com
Re: [rt-users] Some users getting CSRF warnings when creating tickets?
That makes me wonder: would having two subdomains do it? I have tickets.domain.com and rt.domain.com both going to the same thing, but rt.autodist.com is the actual domain in the configuration files. I wonder if starting from tickets.domain.com would cause this warning, as the browser sees one domain trying to do an action on what it thinks is a different one? I'll have people stick to rt.domain.com and see if that makes a difference.

On Tue, Sep 27, 2016 at 8:23 AM, Sean Cwiek <cwi...@mcls.org> wrote:

> Hey Alex,
>
> We’ve seen this when users are jumping between the http and https versions
> of our RT instance. Advising everyone to log in at the https address seemed
> to resolve it for us.
>
> Thanks.
>
> -Sean
>
> *From:* rt-users [mailto:rt-users-boun...@lists.bestpractical.com] *On
> Behalf Of *Alex Hall
> *Sent:* Monday, September 26, 2016 4:07 PM
> *To:* rt-users <rt-users@lists.bestpractical.com>
> *Subject:* [rt-users] Some users getting CSRF warnings when creating
> tickets?
>
> Hi all,
>
> We're starting to have more people test RT now. Oddly, the two who just
> started trying it out get CSRF warnings when they try to make or update
> tickets, while no one else does. They are using Chrome, but so is a guy who
> is *not* getting the warnings. We're all in the same building, thus on the
> same network. Any idea why this might be happening? My Nginx log for RT
> doesn't include anything about this, and my RT log is empty. Thanks.
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com

--
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com
[rt-users] Some users getting CSRF warnings when creating tickets?
Hi all,

We're starting to have more people test RT now. Oddly, the two who just started trying it out get CSRF warnings when they try to make or update tickets, while no one else does. They are using Chrome, but so is a guy who is *not* getting the warnings. We're all in the same building, thus on the same network. Any idea why this might be happening? My Nginx log for RT doesn't include anything about this, and my RT log is empty. Thanks.

--
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com