Bug 719632

Summary: Satellite 5.4.1: System Search UI returns 403 error "Request does not contain a CSRF security token" after applying errata
Product: [Community] Spacewalk Reporter: Milan Zázrivec <mzazrivec>
Component: WebUIAssignee: Milan Zázrivec <mzazrivec>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: high Docs Contact:
Priority: urgent    
Version: 1.5CC: cperry, slukasik, xdmoon
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 719504 Environment:
Last Closed: 2011-07-21 14:43:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 719504, 722460    
Bug Blocks: 695242    

Description Milan Zázrivec 2011-07-07 14:20:01 UTC 
+++ This bug was initially created as a clone of Bug #719504 +++

Description of problem:
Cu is getting 403 / "Request does not contain a CSRF security token" error when searching in the webUI after applying https://rhn.redhat.com/errata/RHSA-2011-0879.html, which addresses https://bugzilla.redhat.com/show_bug.cgi?id=529483. 
From customer: "For example if I simply opened system group I can select all systems in a list or go to the next page. But if the same systems were found with search : Go, Display, Update List,Select All buttons [on the search results page] give me 403 error."

Version-Release number of selected component (if applicable):
Red Hat Network (RHN) Satellite 5.4.1

How reproducible:
Always.

Steps to Reproduce:
1. Have a satellite with https://rhn.redhat.com/errata/RHSA-2011-0879.html applied (i.e., Satellite 5.4.1).
2. Enter a search term in web UI that results in some systems being found - e.g., use System Search with string "dhcp".
3. On the resulting results page with some systems found, try to click on any of the buttons: Go, Display, Update List, Select All.

Actual results:
"HTTP Status 403 - Request does not contain a CSRF security token

type Status report

message Request does not contain a CSRF security token

description Access to the specified resource (Request does not contain a CSRF security token) has been forbidden.
Apache Tomcat/6.0.24"

Expected results:
No error, operation succeeds.

Additional info:
N/A
Comment 1 Milan Zázrivec 2011-07-07 14:22:44 UTC 
spacewalk.git master: 416385d5d8fbda23ccf3af506e790ffae330e3e5
Comment 2 Jan Pazdziora 2011-07-19 19:36:41 UTC 
This bugzilla is currently MODIFIED, so we believe the fix is in the Spacewalk nightly yum repository at http://spacewalk.redhat.com/yum/nightly/

Therefore, moving ON_QA.
Comment 3 Jan Pazdziora 2011-07-21 14:43:07 UTC 
Spacewalk 1.5 was released.