naumovskib

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-11-28
16:21
593 views
"Potential CSRF(Cross-site Request Forgery) detected" error
Hi All,
I am encountering a "Potential CSRF(Cross-site Request Forgery) detected against" error in a fresh installation of 4.7.1.1 User Application. The custom workflow that is in place has a custom script in the approval form, where a separate function checks for the logged user's group membership. Without this function, the approval form works as expected, but when it is added, the approval form opens and the session is closed with the following error in the User Application log (no further information even in DEBUG):
ERROR [com.novell.common.AntiCsrfServletFilter] (https-jsse-nio-8543-exec-26) [RBPM] Potential CSRF(Cross-site Request Forgery) detected against /IDMProv/UIQuery?service=vdm&uasess=-7120981205847460543. Session has been logged out.
The function that checks the user membership does a IDVault.get as shown below, to retrieve the members of the group and checks if the user is listed:
var group_members = IDVault.get(null, dn_group_owners , 'group', 'Member');
Is there a reason for this happening and is there a way to go around it?
Thank you in advance,
Boris
I am encountering a "Potential CSRF(Cross-site Request Forgery) detected against" error in a fresh installation of 4.7.1.1 User Application. The custom workflow that is in place has a custom script in the approval form, where a separate function checks for the logged user's group membership. Without this function, the approval form works as expected, but when it is added, the approval form opens and the session is closed with the following error in the User Application log (no further information even in DEBUG):
ERROR [com.novell.common.AntiCsrfServletFilter] (https-jsse-nio-8543-exec-26) [RBPM] Potential CSRF(Cross-site Request Forgery) detected against /IDMProv/UIQuery?service=vdm&uasess=-7120981205847460543. Session has been logged out.
The function that checks the user membership does a IDVault.get as shown below, to retrieve the members of the group and checks if the user is listed:
var group_members = IDVault.get(null, dn_group_owners , 'group', 'Member');
Is there a reason for this happening and is there a way to go around it?
Thank you in advance,
Boris
1 Reply
AutomaticReply

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-12-03
05:30
naumovskib,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:
- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php
Sometimes this automatic posting will alert someone that can respond.
If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.
Good luck!
Your Micro Focus Forums Team
http://forums.microfocus.com
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:
- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php
Sometimes this automatic posting will alert someone that can respond.
If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.
Good luck!
Your Micro Focus Forums Team
http://forums.microfocus.com