
Item2156: Update the CSRF 'suspicion' message

Priority: Normal
CurrentState: Closed
AppliesTo: Engine
Component:
WaitingFor: Main.KoenMartens

It is suggested that we update the CSRF "suspicion" message to indicate that JavaScript is required.

-- IngoKappler

I updated WhyYouAreAskedToConfirm, which is referred to from the templates that generate the dialog, if I'm not mistaken. We might want to add the JavaScript suggestion to the validation.tmpl itself as well. If no one objects, I will do so.

-- KoenMartens - 25 Sep 2009

This can even go into <noscript> tags so that it is only shown when no JavaScript is on.

-- ArthurClemens - 25 Sep 2009

I've seen the WhyYouAreAskedToConfirm related error message several times in our intranet-based wiki and I am pretty sure no one tries to attack. So I found that I most likely triggered it by starting an edit session, then leaving it via the back button and re-entering it later on, maybe even via another tab.

What I want to say is that this "...can sometimes be triggered when you do something perfectly innocent." may not be that innocent but "stupid" and "general" end user behaviour. Shouldn't this reaction also be addressed in WhyYouAreAskedToConfirm, so users can read about it instead of wondering what they did wrong?

-- IngoKappler - 25 Sep 2009

This has been implemented, first revision on 18 Nov 2009. The JavaScript note is at the bottom.

-- ArthurClemens - 22 Jan 2011

ItemTemplate

Summary Update the CSRF 'suspicion' message
ReportedBy IngoKappler
Codebase 1.0.7
SVN Range Foswiki-1.0.7, Sun, 20 Sep 2009, build 5061
AppliesTo Engine
Component
Priority Normal
CurrentState Closed
WaitingFor KoenMartens
Checkins
TargetRelease n/a
ReleasedIn n/a
Topic revision: r6 - 22 Jan 2011, ArthurClemens
 