CSRF Filters not working in 8.0.4

Yellowfin FAQ shared this problem 59 days ago
Defect Logged

CSRF Filters are currently not working in 8.0.4. This behavior will first present itself as a an "HTTP Status 403 - Forbidden" error page upon attempting to login.

The stacktrace in the logs will be as follows:

YF:2019-12-22 21:55:07: WARN (CSRFFilter:internalDoFilter) - ===== Nounce did not match! Requested Path: /BrowserCheck.i4 ===== 
Technically, you can workaround this by adding to the Ignore parameters in your web.xml file a "*.i4" parameter for each "HTTP Status 403 - Forbidden" page error you receive. For example, to login you can add "/BrowserCheck.i4, /MIEntry.i4". But of course, you'll likely run into this all over the application. As one additional example, if you attempt to navigate Browse > Browse All, you'll run into same issue with MIDashboard.i4.

There is a defect logged for this with Highest priority and will be addressed by the dev team as soon as possible. We'll provide further updates as they come along.

Comments (1)

photo
1

Updates regarding this will be posted here.