CSRF token missing in Studio after upgrade to Maple

edunomic · March 12, 2022, 7:17pm

Studio seems to be really finnicky since upgrading. When I go into a course the content will spin endlessly, and refreshing sometimes fixes it. Pages like the Schedule page are missing a submit button, and pressing Enter to submit throws a CSRF token missing error:

cms_1                        | 2022-03-12 19:11:25,191 INFO 7 [tracking] [user 6] [ip 72.218.28.34] logger.py:41 - {"name": "/settings/details/course-v1:Edunomic+BC103+2021_Q4", "context": {"user_id": 6, "path": "/settings/details/course-v1:Edunomic+BC103+2021_Q4", "course_id": "", "org_id": "", "enterprise_uuid": ""}, "username": "steve.karam", "session": "8bd57f941994af5f138a32241c136ecc", "ip": "72.218.28.34", "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36", "host": "studio.edunomic.academy", "referer": "https://studio.edunomic.academy/settings/details/course-v1:Edunomic+BC103+2021_Q4", "accept_language": "en-US,en;q=0.9", "event": "{\"GET\": {}, \"POST\": {\"submit\": [\"submit\"]}}", "time": "2022-03-12T19:11:25.191026+00:00", "event_type": "/settings/details/course-v1:Edunomic+BC103+2021_Q4", "event_source": "server", "page": null}
cms_1                        | 2022-03-12 19:11:25,280 WARNING 7 [django.security.csrf] [user 6] [ip 72.218.28.34] log.py:224 - Forbidden (CSRF token missing or incorrect.): /settings/details/course-v1:Edunomic+BC103+2021_Q4
caddy_1                      | {"level":"error","ts":1647112285.2869003,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_addr":"72.218.28.34:63678","proto":"HTTP/2.0","method":"POST","host":"studio.edunomic.academy","uri":"/settings/details/course-v1:Edunomic+BC103+2021_Q4","tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"studio.edunomic.academy"}},"user_id":"","duration":0.10990329,"size":1019,"status":403}
cms_1                        | [pid: 7|app: 0|req: 11/32] 172.18.0.6 () {66 vars in 1663 bytes} [Sat Mar 12 19:11:25 2022] POST /settings/details/course-v1:Edunomic+BC103+2021_Q4 => generated 1019 bytes in 109 msecs (HTTP/1.1 403) 6 headers in 327 bytes (1 switches on core 0)

My LMS domain is lms.edunomic.academy, and Studio is studio.edunomic.academy. I’m hoping none of this is related to my Richie configuration (running at the edunomic.academy top level). There are currently no CORS or CSRF-impacting custom plugins enabled.

regis · March 14, 2022, 12:13pm

Hi,

How exactly can we reproduce this issue? (I went to the CMS “Schedule & Details”, modified the course start time, and it worked, so I failed to reproduce your issue)
What version of Tutor/Richie are you running? Did you make any change related to this issue?
Do you have a csrf_token cookie in the Studio? If yes, is it sent in your request to the server? (Browser console screenshots would help here)

edunomic · March 14, 2022, 1:19pm

Thanks Regis. I think it may have been related to some of the earlier changes I’d made in that issue (not the later suggestions), because multiple areas began failing after quickstart. I ended up reverting to a backup on lilac so I can do a clean upgrade to maple and resolve some of these connectivity issues.

system · June 12, 2022, 1:19pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.