Details
-
Bug
-
Resolution: Fixed
-
Minor
-
2.3.0
-
None
Description
----Original Message----
From: grouper-users-request On Behalf Of Peter DiCamillo
Sent: Wednesday, December 07, 2016 10:16 AM
To: grouper-users
Subject: [grouper-users] Admin UI CSRF error adding subject from workspace
In Grouper 2.3, I get a CSRF error if I use "Add Members" for a group,
and then use "Add privileges to entities in the entity workspace". The
log indicated the bad URI was uri:/grouper/assignSavedSubjects.do, and I
was able to fix it by adding this line to
Owasp.CsrfGuard.overlay.properties:
org.owasp.csrfguard.unprotected.GrouperStrutsassignSavedSubject=%servletContext%/assignSavedSubjects.do
Peter