Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-56897

CSRF check always fails for plugins and WAB modules

    Details

    • Story Points:
      1
    • Fix Priority:
      5

      Description

      When trying to execute any action for a WAB/plugin portlet, the CSRF token check always fails. Non-wab OSGi modules work ok.

      Tested with:

      • Microblogs, Knowledge Base (plugins).
      • Polls, Wiki (WAB modules).

      To reproduce (using polls as an example):

      • Go to Admin > Content > Polls
      • Click on "Add" and insert valid data into the form
      • Save

      Expected: A new poll is correctly created
      Actual: The action has no effect, and the following message is shown in the logs: [SecurityPortletContainerWrapper:336] User 20195 is not allowed to access URL http://localhost:8080/group/control_panel/manage and portlet 25_WAR_pollsweb

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ian.song Ian Song (Inactive)
              Reporter:
              adolfo.perez Adolfo Pérez
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 47 weeks, 3 days ago

                  Packages

                  Version Package
                  7.0.0 Beta 3