CSRF Filters not working in 8.0.4

Yellowfin FAQ shared this problem 9 months ago
Resolved

CSRF Filters are currently not working in 8.0.4. This behavior will first present itself as a an "HTTP Status 403 - Forbidden" error page upon attempting to login.

The stacktrace in the logs will be as follows:

YF:2019-12-22 21:55:07: WARN (CSRFFilter:internalDoFilter) - ===== Nounce did not match! Requested Path: /BrowserCheck.i4 ===== 
Technically, you can workaround this by adding to the Ignore parameters in your web.xml file a "*.i4" parameter for each "HTTP Status 403 - Forbidden" page error you receive. For example, to login you can add "/BrowserCheck.i4, /MIEntry.i4". But of course, you'll likely run into this all over the application. As one additional example, if you attempt to navigate Browse > Browse All, you'll run into same issue with MIDashboard.i4.

There is a defect logged for this with Highest priority and will be addressed by the dev team as soon as possible. We'll provide further updates as they come along.

Comments (2)

photo
1

Updates regarding this will be posted here.

photo
1

This Idea has been resolved and can be found in latest build 8.0.5. You can download latest builds of Yellowfin here.

Regards,

Mike