You are here: Foswiki>Tasks Web>Item2156 (22 Jan 2011, ArthurClemens)Edit Attach

Item2156: Update the CSRF 'suspicion' message

Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Engine
Reported By: IngoKappler
Waiting For: Main.KoenMartens
Last Change By: ArthurClemens
It is suggested that we update the CSRF "suspicion" message to indicate that javascript is required.

-- IngoKappler

I updated WhyYouAreAskedToConfirm, which is referred to from the templates that generate the dialog if i'm not mistaken. We might want to add the javascript suggestion to the validation.tmpl itself as well. If no-one objects, I will do so.

-- KoenMartens - 25 Sep 2009

This can even go into <noscript> tags so that it is only shown when no javascript is on.

-- ArthurClemens - 25 Sep 2009

I've seen the WhyYouAreAskedToConfirm related error message several times in our intranet based wiki and I am pretty sure no one tries to attack. So I found that I most likely triggered it by starting an edit session, then leaving it via the back button and re-entering it later on maybe even via another tab.

What I want to say is that this "...can sometimes be triggered when you do something perfectly innocent." may not be that innocent but "stupid" and "general" end user behaviour. Shouldn't this reaction also be addressed in WhyYouAreAskedToConfirm, so users can read about it instead of wondering what they did wrong?

-- IngoKappler - 25 Sep 2009

This has been implemented, first revision on 18 Nov 2009. The javascript note is at the bottom.

-- ArthurClemens - 22 Jan 2011

ItemTemplate edit

Summary Update the CSRF 'suspicion' message
ReportedBy IngoKappler
Codebase 1.0.7
SVN Range Foswiki-1.0.7, Sun, 20 Sep 2009, build 5061
AppliesTo Engine
Priority Normal
CurrentState Closed
WaitingFor KoenMartens
TargetRelease n/a
ReleasedIn n/a
Topic revision: r6 - 22 Jan 2011, ArthurClemens
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy