Exclude Gradtools from CSRF

Description

Rackham can no longer upload student lists via the "Gradtools Administration: Dissertation Upload" page - analysis of the logs shows that it is being blocked by over-zealous CSRF processing.
2013-01-08 12:36:59,532 [ajp-apr-127.0.0.1-8009-exec-22] WARN org.sakaiproject.cheftool.VelocityPortletPaneledAction - CSRF Token mismatched or missing on velocity action: doUpload; toolId=ctools.dissertation.upload

We need to exclude gradtools from this processing as follows:

velocity.csrf.insecure.tools.count=2
velocity.csrf.insecure.tools.2=ctools.dissertation.upload

We may also need to exclude other gradtool tools: ctools.dissertation, ctools.aboutGradTools, ctools.gradToolsHelp

Activity

Zhen Qian January 8, 2013 at 11:08 AM

fixed in r118167.

Fixed

Assignee

Reporter

Labels

Components

Fix versions

Affects versions

Priority

Created January 8, 2013 at 9:29 AM
Updated January 16, 2013 at 2:37 PM
Resolved January 8, 2013 at 11:08 AM