CSRF Filters not working in 8.0.4
Defect Fixed
CSRF Filters are currently not working in 8.0.4. This behavior will first present itself as an "HTTP Status 403 - Forbidden" error page upon attempting to log in.
The stacktrace in the logs will be as follows:
YF:2019-12-22 21:55:07: WARN (CSRFFilter:internalDoFilter) - ===== Nounce did not match! Requested Path: /BrowserCheck.i4 =====
Technically, you can work around this by adding to the Ignore parameters in your web.xml file a "*.i4" parameter for each "HTTP Status 403 - Forbidden" page error you receive. For example, to log in you can add "/BrowserCheck.i4, /MIEntry.i4". But of course, you'll likely run into this all over the application. As one additional example, if you attempt to navigate Browse > Browse All, you'll run into the same issue with MIDashboard.i4.
There is a defect logged for this with Highest priority, and it will be addressed by the dev team as soon as possible. We'll provide further updates as they come along.
Updates regarding this will be posted here.
This Idea has been resolved and can be found in latest build 8.0.5. You can download latest builds of Yellowfin here.
Regards,
Mike
Hi Mike,
Getting a similar sort of error in 8.02:
BMC:SR:2020-12-17 08:52:05:DEBUG (AdministrationService:remoteAdministrationCall) - Authenticated User: 14180 for remote login (NTLM)
BMC:SR:2020-12-17 08:52:05:DEBUG (AdministrationService:remoteAdministrationCall) - remoteAdministrationCall() completed with status: SUCCESS
BMC:SR:2020-12-17 08:52:05:DEBUG (BrowserInfo:A) - Could not match user-agent string: Java/12.0.2
BMC:SR:2020-12-17 08:52:05: INFO (YFErroPage:processError) - Processing Error Page...
BMC:SR:2020-12-17 08:52:05: WARN (CSRFFilter:internalDoFilter) - ===== Nounce did not match! Requested Path: /SmartReporting/onboarding/router.jsp =====
BMC:SR:2020-12-17 08:52:05: INFO (YFErroPage:processError) - Processing Error Page...
Any idea if it's related?
Thanks,
Nick
Hi Nick,
This looks to be related. This was fixed in 8.0.4, so it makes sense you may experience this issue in 8.0.2.
Regards,
Mike
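Before widening the web.xml ignore list described in the first post, it helps to know exactly which paths the CSRF filter is rejecting and over what period, since each ignored path loses its CSRF check. The script below is an added example, not part of the original thread or the product's code; the line format is inferred from the log excerpts above, and the sample lines not quoted in the thread are constructed.

```python
import re
from datetime import datetime

# Line shape inferred from the excerpts in this thread:
#   <prefix>:<YYYY-MM-DD HH:MM:SS>:<LEVEL> (<Class>:<method>) - <message>
LINE_RE = re.compile(
    r"^(?P<prefix>.+?):(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}):\s*"
    r"(?P<level>[A-Z]+)\s+\((?P<cls>[^:)]+):(?P<method>[^)]+)\)\s+-\s+(?P<msg>.*)$"
)
# "Nounce" is spelled this way in the log message itself, so match it literally.
PATH_RE = re.compile(r"Nounce did not match! Requested Path:\s*(?P<path>\S+)")

def csrf_rejections(lines):
    """Map each rejected path to its count and first/last timestamp."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("cls") != "CSRFFilter":
            continue  # other components, or lines in a different shape
        p = PATH_RE.search(m.group("msg"))
        if not p:
            continue  # CSRFFilter line that is not a nonce mismatch
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        e = seen.setdefault(p.group("path"), {"count": 0, "first": ts, "last": ts})
        e["count"] += 1
        e["first"] = min(e["first"], ts)
        e["last"] = max(e["last"], ts)
    return seen

def report(lines):
    """One text row per rejected path, most frequent first."""
    rows = sorted(csrf_rejections(lines).items(),
                  key=lambda kv: (-kv[1]["count"], kv[0]))
    return [f"{e['count']:>4}  {e['first']} .. {e['last']}  {path}"
            for path, e in rows]

# Sample input: lines 1, 4 and 5 are quoted from the thread;
# lines 2 and 3 are constructed for illustration.
SAMPLE = """\
YF:2019-12-22 21:55:07: WARN (CSRFFilter:internalDoFilter) - ===== Nounce did not match! Requested Path: /BrowserCheck.i4 =====
YF:2019-12-22 21:55:09: WARN (CSRFFilter:internalDoFilter) - ===== Nounce did not match! Requested Path: /MIEntry.i4 =====
YF:2019-12-22 21:56:30: WARN (CSRFFilter:internalDoFilter) - ===== Nounce did not match! Requested Path: /BrowserCheck.i4 =====
BMC:SR:2020-12-17 08:52:05:DEBUG (BrowserInfo:A) - Could not match user-agent string: Java/12.0.2
BMC:SR:2020-12-17 08:52:05: WARN (CSRFFilter:internalDoFilter) - ===== Nounce did not match! Requested Path: /SmartReporting/onboarding/router.jsp =====
""".splitlines()

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Once the instance is on a fixed build, rerunning this against fresh logs shows whether any temporary ignore entries can be taken back out.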