[Archivesspace_Users_Group] error on v2.2.0 PUI print PDF: InvalidAuthenticityToken

Majewski, Steven Dennis (sdm7g) sdm7g at virginia.edu
Fri Mar 16 10:28:45 EDT 2018



Just for the record: we were missing these two lines, documented in the README_HTTPS.md example, in our Apache config:

       RequestHeader set X-Forwarded-Proto "https"
       ProxyPreserveHost On

After adding those lines it appears to work properly. 

— Steve M.


> On Jan 23, 2018, at 5:46 PM, Majewski, Steven Dennis (sdm7g) <sdm7g at virginia.edu> wrote:
> 
> 
> Also discovered that PDF print thru SSL proxy does work in Firefox after googling “authenticity token proxy ssl” 
> and seeing title of this Rails issue:
> 
>  CSRF protection prevents some webkit users from submitting forms · Issue #21948 · rails/rails <https://github.com/rails/rails/issues/21948>
> 
> I’ve been seeing the bug in Safari, and you’ve been seeing it in Chrome. Both, I believe, are webkit based.
> 
> Long discussion thread that I haven’t digested yet, so I’m not sure if that is the problem here. 
> That same google search brings up some other issues that may be related to not passing all of the headers thru proxy. 
> 
> https://github.com/rails/rails/issues/22965
> 
> 
> — Steve M. 
> 
> 
> 
>> On Jan 23, 2018, at 5:15 PM, Majewski, Steven Dennis (sdm7g) <sdm7g at virginia.edu> wrote:
>> 
>> 
>> Thanks. Yes: I’m still seeing the problem. No: no solution so far. 
>> The fact that I was only seeing it on production limited my ability to debug. 
>> Now that you’ve found it’s linked to SSL proxy, I will try to set up test machines to reproduce the problem.  
>> 
>> — Steve. 
>> 
>> 
>> 
>>> On Jan 23, 2018, at 4:25 PM, Chelsea Lobdell <clobdel1 at swarthmore.edu> wrote:
>>> 
>>> Update: we were able to identify that this error was happening only when running the application over SSL. Accessing the site over non-SSL allowed the print function to work. 
>>> 
>>> - Chelsea
>>> 
>>> ---------------
>>> Chelsea Lobdell
>>> Library Web Developer/ Swarthmore College
>>> clobdel1 at swarthmore.edu / (610)690-6818
>>> 
>>> On Tue, Jan 23, 2018 at 3:45 PM, Chelsea Lobdell <clobdel1 at swarthmore.edu> wrote:
>>> Hi Aspace! 
>>> 
>>> I saw this post on the user group but was not able to find the thread in my email so I apologize for replying off thread. 
>>> 
>>> We are seeing this same error and we are running v.2.2.2. However, the error seems to be browser specific as it only happens in Chrome. Here's the log output: 
>>> 
>>> Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
>>> INFO: W, [2018-01-23T15:32:31.474750 #21127]  WARN -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9] Can't verify CSRF token authenticity.
>>> 
>>> Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
>>> INFO: I, [2018-01-23T15:32:31.478068 #21127]  INFO -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9] Completed 422 Unprocessable Entity in 6ms
>>> 
>>> Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
>>> INFO: F, [2018-01-23T15:32:31.485699 #21127] FATAL -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9]
>>> 
>>> Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
>>> INFO: F, [2018-01-23T15:32:31.486567 #21127] FATAL -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
>>> 
>>> Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
>>> INFO: F, [2018-01-23T15:32:31.487220 #21127] FATAL -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9]
>>> 
>>> Steve, were you ever able to find a solution for this? Has anybody else encountered this error when trying to print a PDF of a collection in Chrome? 
>>> 
>>> Thanks, 
>>> Chelsea
>>> ---------------
>>> Chelsea Lobdell
>>> Library Web Developer/ Swarthmore College
>>> clobdel1 at swarthmore.edu / (610)690-6818
>>> _______________________________________________
>>> Archivesspace_Users_Group mailing list
>>> Archivesspace_Users_Group at lyralists.lyrasis.org <mailto:Archivesspace_Users_Group at lyralists.lyrasis.org>
>>> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group <http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group>
>> 
> 
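
To check whether the proxy change actually removed the rejections, here is an added example (not ArchivesSpace code and not from the thread's authors) that groups log lines of the kind quoted above by Rails request id and reports the requests rejected by CSRF protection. The sample log reuses the quoted lines plus one constructed 200 OK request; the name `csrf_rejections` is hypothetical.

```ruby
# Added example, not ArchivesSpace code. SAMPLE_LOG is constructed: the first
# request reuses the lines quoted in the thread, the second (200 OK) is made up.
SAMPLE_LOG = <<~'LOG'
  Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
  INFO: W, [2018-01-23T15:32:31.474750 #21127]  WARN -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9] Can't verify CSRF token authenticity.
  Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
  INFO: I, [2018-01-23T15:32:31.478068 #21127]  INFO -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9] Completed 422 Unprocessable Entity in 6ms
  Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
  INFO: F, [2018-01-23T15:32:31.485699 #21127] FATAL -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9]
  Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
  INFO: F, [2018-01-23T15:32:31.486567 #21127] FATAL -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  Jan 23, 2018 3:40:02 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
  INFO: I, [2018-01-23T15:40:02.120000 #21127]  INFO -- : [00000000-0000-4000-8000-000000000001] Completed 200 OK in 41ms
LOG

# Jetty's "INFO:" wrapper, then the Rails line: severity, timestamp, pid,
# level, the request id in brackets, and an optional message.
RAILS_LINE = /\AINFO: [A-Z], \[(?<ts>\S+) #\d+\]\s+[A-Z]+ -- : \[(?<rid>[0-9a-f-]{36})\] ?(?<msg>.*)\z/

# Returns { request_id => details } for every request that logged a CSRF
# warning or raised InvalidAuthenticityToken. Jetty header lines are skipped.
def csrf_rejections(log_text)
  requests = Hash.new do |h, k|
    h[k] = { first_seen: nil, csrf_warning: false, status: nil, exception: nil }
  end
  log_text.each_line do |raw|
    m = RAILS_LINE.match(raw.strip)
    next unless m
    req = requests[m[:rid]]
    req[:first_seen] ||= m[:ts]
    msg = m[:msg]
    req[:csrf_warning] = true if msg.include?("Can't verify CSRF token authenticity")
    req[:status] = Regexp.last_match(1).to_i if msg =~ /\ACompleted (\d{3}) /
    req[:exception] = Regexp.last_match(1) if msg =~ /\A(ActionController::\w+) \(/
  end
  requests.select do |_, r|
    r[:csrf_warning] || r[:exception] == "ActionController::InvalidAuthenticityToken"
  end
end

if __FILE__ == $PROGRAM_NAME
  csrf_rejections(SAMPLE_LOG).each do |rid, r|
    puts "#{r[:first_seen]} #{rid} status=#{r[:status]} exception=#{r[:exception]}"
  end
end
```

Run against the log before and after the Apache change, an empty result for the period after the change indicates the print requests are no longer being rejected.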
