Defect #5387

Invalid autenticity token

Added by Lluís Vilanova over 7 years ago. Updated over 7 years ago.

Status:ClosedStart date:2010-04-27
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:-
Target version:-
Resolution:Duplicate Affected version:0.9.3

Description

Some operations, even if executed as 'admin', fail with the error message Invalid autenticity token,

I've tried both with debian's epiphany version 2.30.2-1 and iceweasel 3.5.9-2. Redmine debian's 0.9.3-3 package with sqlite (with and without cleaning cookies stored by the redmine server in our network).

The error is strange, as some operations do indeed work, and the log shows the same token for all failing and non-failing operations.

Destroy repository (succeeds):

Processing RepositoriesController#destroy (for <IP> at 2010-04-27 11:40:47) [POST]
  Parameters: {"action"=>"destroy", "authenticity_token"=>"0c1460674eb112a01315c219bf8b8b44aa473668", "id"=>"sciexp2", "controller"=>"repositories"}
Redirected to tabrepositoryactionsettingscontrollerprojectsidSciExp²
Completed in 40ms (DB: 20) | 302 Found [https://<server>/projects/sciexp2/repository/destroy]

Go back to settings and add the 'issues' module to the project (fails):

Processing ProjectsController#settings (for <IP> at 2010-04-27 11:40:47) [GET]
  Parameters: {"action"=>"settings", "id"=>"sciexp2", "controller"=>"projects", "tab"=>"repository"}
Rendering template within layouts/base
Rendering projects/settings
Completed in 122ms (View: 113, DB: 2) | 200 OK [https://<server>/projects/sciexp2/settings/repository]

Processing ProjectsController#modules (for <IP> at 2010-04-27 11:41:42) [POST]
  Parameters: {"enabled_modules"=>["issue_tracking", "wiki", "repository"], "commit"=>"Save", "action"=>"modules", "authenticity_token"=>"0c1460674eb112a01315c219bf8b8b44aa473668", "id"=>"sciexp2", "controller"=>"projects"}
Rendering template within layouts/base

Go back, and re-add the subversion URI for the repository (succeeds):

Processing ProjectsController#settings (for <IP> at 2010-04-27 11:41:58) [GET]
  Parameters: {"action"=>"settings", "id"=>"sciexp2", "controller"=>"projects", "tab"=>"repository"}
Rendering template within layouts/base
Rendering projects/settings
Completed in 119ms (View: 110, DB: 3) | 200 OK [https://<server>/projects/sciexp2/settings/repository]

Processing RepositoriesController#edit (for <IP> at 2010-04-27 11:42:05) [GET]
  Parameters: {"action"=>"edit", "authenticity_token"=>"0c1460674eb112a01315c219bf8b8b44aa473668", "id"=>"sciexp2", "controller"=>"repositories", "repository_scm"=>"Subversion"}
Completed in 14ms (View: 7, DB: 2) | 200 OK [https://<server>/projects/sciexp2/repository/edit?authenticity_token=0c1460674eb112a01315c219bf8b8b44aa473668&authenticity_token=0c1460674eb112a01315c219bf8b8b44aa473668&repository_scm=Subversion]

Processing RepositoriesController#edit (for <IP> at 2010-04-27 11:42:23) [POST]
  Parameters: {"repository"=>{"url"=>"file:///home/code/svn/sciexp2", "login"=>""}, "commit"=>"Create", "action"=>"edit", "authenticity_token"=>"0c1460674eb112a01315c219bf8b8b44aa473668", "id"=>"sciexp2", "controller"=>"repositories", "ignore"=>"", "repository_scm"=>"Subversion"}
Completed in 23ms (View: 10, DB: 2) | 200 OK [https://<server>/projects/sciexp2/repository/edit]

Thanks a lot for your wonderful work.


Related issues

Related to Redmine - Patch #3968: session cookie path does not respect RAILS_RELATIVE_URL_ROOT Closed 2009-10-04
Related to Redmine - Defect #5051: Cookie issue when using Redmine on Firefox Closed 2010-03-11

History

#1 Updated by Lluís Vilanova over 7 years ago

I cannot edit the initial bug report, but I've misstyped the error message. It is Invalid form authenticity token..

#2 Updated by Fritz brause over 7 years ago

maybe same problem as in #5051

#3 Updated by Lluís Vilanova over 7 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

After upgrading my installation to debian's 0.9.4-2 version, the problem disappeared.

As the debian changelog says, this is solved here, which already exists as patch #3968.

Note that this also probably solves defect #5051.

#4 Updated by Felix Schäfer over 7 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Duplicate

Closing this in favor of #3968.

Also available in: Atom PDF