Absent Member..

Failed to validate CSRF token for the URL: /sm9/service.do

Hi, I am seeing these errors in the sm log in SM Web client in Tomcat and am wondering if anyone knows what this means? Here is the full error:

ERROR ajp-bio-8012-exec-17 com.hp.ov.web.csrf.AntiCSRFFilter - Failed to validate CSRF token for the URL: /sm9/service.do

We have an issue where multiple people are having issues accessing SRC (Service Request Catalog) and I think this might be a reason why.

Thanks.

Absent Member..

Re: Failed to validate CSRF token for the URL: /sm9/service.do

I know this is an old post, but did you ever figure out this error? I suddenly started getting this error and having an outage, but my BCP server, set up the same way, is not getting this error. No changes were made on the SM side.

Failed to validate CSRF token for the URL: /smt/service.do

Absent Member..

Re: Failed to validate CSRF token for the URL: /sm9/service.do

Hello,

Experts,

I am facing the same issue. Could anybody please help me with this?

Regards,

Micro Focus Expert

Re: Failed to validate CSRF token for the URL: /sm9/service.do

Is there a hardware load balancer being used in this configuration? If so, is it fronting SRC or the Webtier?

Absent Member..

Re: Failed to validate CSRF token for the URL: /sm9/service.do

Same error on two Tomcat web client 9.40 instances after an F5 hardware load balancer. CSRF configuration in web.xml is default.

ERROR http-bio-xx.xxx.xxx.xx-8443-exec-1932 com.hp.ov.web.csrf.AntiCSRFFilter - Failed to validate CSRF token for the URL: /detail.do
ERROR http-bio-xx.xxx.xxx.xx-8443-exec-1956 com.hp.ov.web.csrf.AntiCSRFFilter - Failed to validate CSRF token for the URL: /service.do

Any ideas?

0 Likes
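The failures quoted in this thread share one log format, and the Tomcat thread name in each line identifies the connector that received the request (AJP on port 8012 in the first post, an HTTP connector on port 8443 in the post above). The triage script below is an added example, not part of any post or of Service Manager; the function names are hypothetical, and the sample list mixes lines copied from the thread with constructed ones, as marked.

```python
import re
from collections import Counter

# Line format as quoted in the thread: ERROR <thread> <logger> - <message>: <url>
LINE_RE = re.compile(
    r"^ERROR\s+(?P<thread>\S+)\s+com\.hp\.ov\.web\.csrf\.AntiCSRFFilter\s+-\s+"
    r"Failed to validate CSRF token for the URL:\s+(?P<url>\S+)"
)
# Tomcat names worker threads <connector>-exec-<n>, e.g. ajp-bio-8012-exec-17
THREAD_RE = re.compile(r"^(?P<connector>.+)-exec-\d+$")


def parse_line(line):
    """Return (connector, context, page) for an AntiCSRFFilter failure, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t = THREAD_RE.match(m.group("thread"))
    connector = t.group("connector") if t else m.group("thread")
    parts = m.group("url").strip("/").split("/")
    # "/sm9/service.do" -> context "sm9"; "/service.do" is logged without a context
    context = parts[0] if len(parts) > 1 else ""
    return connector, context, parts[-1]


def summarize(lines):
    """Count failures per (connector, context, page); other log lines are ignored."""
    return Counter(rec for rec in map(parse_line, lines) if rec)


SAMPLE = [
    # copied from the thread
    "ERROR ajp-bio-8012-exec-17 com.hp.ov.web.csrf.AntiCSRFFilter - Failed to validate CSRF token for the URL: /sm9/service.do",
    "ERROR http-bio-xx.xxx.xxx.xx-8443-exec-1932 com.hp.ov.web.csrf.AntiCSRFFilter - Failed to validate CSRF token for the URL: /detail.do",
    "ERROR http-bio-xx.xxx.xxx.xx-8443-exec-1956 com.hp.ov.web.csrf.AntiCSRFFilter - Failed to validate CSRF token for the URL: /service.do",
    # constructed: a second failure on the AJP connector and an unrelated line
    "ERROR ajp-bio-8012-exec-3 com.hp.ov.web.csrf.AntiCSRFFilter - Failed to validate CSRF token for the URL: /sm9/service.do",
    "INFO ajp-bio-8012-exec-3 com.example.Other - request served",
]

if __name__ == "__main__":
    for (connector, context, page), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  connector={connector}  context={context or '-'}  page={page}")
```

Grouping by connector separates requests that arrived over AJP from a front-end web server from those that hit Tomcat's own HTTP connector, which is the distinction the load balancer question earlier in the thread is about.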
Absent Member..

Re: Failed to validate CSRF token for the URL: /sm9/service.do

Hi,

I am getting the same error messages (Failed to validate CSRF token for the URL: /qms/service.do) in the Apache logs, and when we get this, web users fail to log in to the HP Service Manager web client. At the same time, in the application server logs I can see "E Remote host(<MY web server ip>) is not a trusted client" messages. My HP SM setup was horizontally scaled, SSO enabled, with SSL certificates. Has anyone faced this issue and been able to fix it?

Much appreciate any suggestions. 

Thanks,

Pranav Kolli. 

Micro Focus Expert

Re: Failed to validate CSRF token for the URL: /sm9/service.do

What version are you running? Later versions of SM (i.e. 9.40.0020 & 9.35.4001) should have code fixes to reduce the number of messages appearing in the log.

Absent Member..

Re: Failed to validate CSRF token for the URL: /sm9/service.do

Brett,

Thanks for the reply. 

We are running on HP SM Server version 9.35.0012. Any suggestion on which area this error message is related to? And the strange part is, it fixes itself after some time or when we restart the Apache services. But recently we are seeing this issue more often.

Thanks,

Pranav Kolli.

Micro Focus Expert

Re: Failed to validate CSRF token for the URL: /sm9/service.do

A CSRF token was introduced to prevent CSRF attacks. The CSRF token is added to the URL of most GET requests and part of POST requests; it is submitted as form data for most POST requests. It is my understanding that code was modified for the GET requests. What you could do is upgrade the RTE to build 4001 and monitor the environment.

Absent Member..

Re: Failed to validate CSRF token for the URL: /sm9/service.do

Thanks for the suggestion Brett, 

Unfortunately we are moving out of HPSM next year and we no longer have an active HP support contract. So I am afraid I don't have that option. To handle this issue, do we have any workaround? Maybe like rebuilding the SSL certificates or something?

Thanks,

Pranav Kolli. 

Acclaimed Contributor.

Re: Failed to validate CSRF token for the URL: /sm9/service.do

I have the same problem.

Micro Focus Expert

Re: Failed to validate CSRF token for the URL: /sm9/service.do

Please see my earlier post: "upgrade the RTE to build 4001 and monitor the environment"
