[rt-users] Some users getting CSRF warnings when creating tickets?

Alex Hall ahall at autodist.com
Tue Sep 27 09:17:47 EDT 2016


That makes me wonder: would having two subdomains do it? I have
tickets.domain.com and rt.domain.com both going to the same thing, but
rt.autodist.com is the actual domain in the configuration files. I wonder
if starting from tickets.domain.com would cause this warning, as the
browser sees one domain trying to do action on what it thinks is a
different one? I'll have people stick to rt.domain.com and see if that
makes a difference.

On Tue, Sep 27, 2016 at 8:23 AM, Sean Cwiek <cwieks at mcls.org> wrote:

> Hey Alex,
>
>
>
> We’ve seen this when users are jumping between the http and https versions
> of our RT instance.  Advising everyone to login at the https address seemed
> to resolve it for us.
>
>
>
> Thanks.
>
>
>
> -Sean
>
>
>
> *From:* rt-users [mailto:rt-users-bounces at lists.bestpractical.com] *On
> Behalf Of *Alex Hall
> *Sent:* Monday, September 26, 2016 4:07 PM
> *To:* rt-users <rt-users at lists.bestpractical.com>
> *Subject:* [rt-users] Some users getting CSRF warnings when creating
> tickets?
>
>
>
> Hi all,
>
> We're starting to have more people test RT now. Oddly, the two who just
> started trying it out get CSRF warnings when they try to make or update
> tickets, while no one else does. They are using Chrome, but so is a guy who
> is *not* getting the warnings. We're all in the same building, thus on the
> same network. Any idea why this might be happening? My Nginx log for RT
> doesn't include anything about this, and my RT log is empty. Thanks.
>
>
> --
>
> Alex Hall
>
> Automatic Distributors, IT department
>
> ahall at autodist.com
>



-- 
Alex Hall
Automatic Distributors, IT department
ahall at autodist.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20160927/09bc6c77/attachment.htm>


More information about the rt-users mailing list