<div dir="ltr">That makes me wonder: would having two subdomains do it? I have <a href="http://tickets.domain.com">tickets.domain.com</a> and <a href="http://rt.domain.com">rt.domain.com</a> both going to the same thing, but <a href="http://rt.autodist.com">rt.autodist.com</a> is the actual domain in the configuration files. I wonder if starting from <a href="http://tickets.domain.com">tickets.domain.com</a> would cause this warning, as the browser sees one domain trying to do action on what it thinks is a different one? I'll have people stick to <a href="http://rt.domain.com">rt.domain.com</a> and see if that makes a difference.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 27, 2016 at 8:23 AM, Sean Cwiek <span dir="ltr"><<a href="mailto:cwieks@mcls.org" target="_blank">cwieks@mcls.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Hey Alex,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">We’ve seen this when users are jumping between the http and https versions of our RT instance. Advising everyone to login at the https address seemed to resolve it for us.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Thanks.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">-Sean<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> rt-users [mailto:<a href="mailto:rt-users-bounces@lists.bestpractical.com" target="_blank">rt-users-bounces@<wbr>lists.bestpractical.com</a>]
<b>On Behalf Of </b>Alex Hall<br>
<b>Sent:</b> Monday, September 26, 2016 4:07 PM<br>
<b>To:</b> rt-users <<a href="mailto:rt-users@lists.bestpractical.com" target="_blank">rt-users@lists.bestpractical.<wbr>com</a>><br>
<b>Subject:</b> [rt-users] Some users getting CSRF warnings when creating tickets?<u></u><u></u></span></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">Hi all,<u></u><u></u></p>
</div>
<p class="MsoNormal">We're starting to have more people test RT now. Oddly, the two who just started trying it out get CSRF warnings when they try to make or update tickets, while no one else does. They are using Chrome, but so is a guy who is *not* getting
the warnings. We're all in the same building, thus on the same network. Any idea why this might be happening? My Nginx log for RT doesn't include anything about this, and my RT log is empty. Thanks.<br clear="all">
<u></u><u></u></p>
<div>
<div>
<div>
<p class="MsoNormal"><br>
-- <u></u><u></u></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Alex Hall<u></u><u></u></p>
</div>
<p class="MsoNormal">Automatic Distributors, IT department<u></u><u></u></p>
</div>
<p class="MsoNormal"><a href="mailto:ahall@autodist.com" target="_blank">ahall@autodist.com</a><u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div></div></div>
</div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div>Alex Hall<br></div>Automatic Distributors, IT department<br></div><a href="mailto:ahall@autodist.com" target="_blank">ahall@autodist.com</a><br></div></div>
</div>