Issue:
After exporting a report to any output format, the user is redirected to the TIBCO JasperReports® Server login page. Either of the following errors may be observed in jasperserver.log or catalina.out:
YYYY-MM-DD 10:34:29,152 ERROR CsrfGuard,http-nio-80-exec-41:44 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:xxx.xxx.xxx.xxx, method:POST, uri:/jasperserver-pro/flow.html/flowFile/Report.pdf, error:request token does not match session token)
or
YYYY-MM-DD 14:18:44,001 ERROR CsrfGuard,http-nio-8070-exec-10:44 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:xxx.xxx.xxx.xxx, method:POST, uri:/jasperserver-pro/flow.html/flowFile/Report.pdf, error:required token is missing from the request
Solution:
An internet browser extension called LastPass was found to be the cause of this issue. The LastPass plugin appears to have altered the CSRF token during the export operation and hence the user was redirected to the login page.
Check whether the user's browser has the LastPass extension installed. If it does, the solution is to disable the extension.
Note: Although we have identified that LastPass causes issues with the CSRF token, the cause may not be limited to LastPass. If LastPass is not installed, it is worthwhile to check whether any other non-standard extension installed in the browser is interfering with the CSRF token.
LastPass is a common browser extension and TIBCO has an enhancement request filed for this issue (see Related Articles).
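
To see which clients are hitting this, the CsrfGuard rejections can be pulled out of jasperserver.log and counted per client IP for report-export URIs. The script below is an added example, not TIBCO code: the regular expression is derived only from the two log lines quoted in this article (assumed to be representative of the format), and the function names and sample log are constructed for illustration.

```python
import re
from collections import Counter

# Matches the CsrfGuard error format quoted in this article. The closing
# parenthesis is optional because the second quoted line does not have one.
CSRF_RE = re.compile(
    r"^(?P<ts>\S+ \S+) ERROR CsrfGuard,\S+ - potential cross-site request forgery "
    r"\(CSRF\) attack thwarted \(user:(?P<user>[^,]*), ip:(?P<ip>[^,]*), "
    r"method:(?P<method>[^,]*), uri:(?P<uri>[^,]*), error:(?P<error>.*?)\)?\s*$"
)

# Constructed sample lines (dates, IPs and the INFO line are made up).
SAMPLE_LOG = """\
2024-01-15 10:34:29,152 ERROR CsrfGuard,http-nio-80-exec-41:44 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:192.0.2.10, method:POST, uri:/jasperserver-pro/flow.html/flowFile/Report.pdf, error:request token does not match session token)
2024-01-15 10:35:02,007 INFO SomeOtherLogger,http-nio-80-exec-3:12 - unrelated message
2024-01-15 14:18:44,001 ERROR CsrfGuard,http-nio-8070-exec-10:44 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:192.0.2.10, method:POST, uri:/jasperserver-pro/flow.html/flowFile/Report.pdf, error:required token is missing from the request
2024-01-15 14:20:11,930 ERROR CsrfGuard,http-nio-8070-exec-12:44 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:192.0.2.77, method:POST, uri:/jasperserver-pro/flow.html/flowFile/Sales.xlsx, error:request token does not match session token)
"""

def parse_csrf_events(text):
    """Return one dict per CsrfGuard rejection found in the log text."""
    events = []
    for line in text.splitlines():
        m = CSRF_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def export_failures_by_ip(events):
    """Count rejections on report-export URIs (flow.html/flowFile/) per client IP."""
    return Counter(e["ip"] for e in events if "/flow.html/flowFile/" in e["uri"])

if __name__ == "__main__":
    events = parse_csrf_events(SAMPLE_LOG)
    for ip, n in export_failures_by_ip(events).most_common():
        errors = sorted({e["error"] for e in events if e["ip"] == ip})
        print(f"{ip}: {n} export rejection(s); errors: {errors}")
```

Clients that appear repeatedly with export rejections are the ones whose browser extensions are worth checking first.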
Related Articles:
JS-38127: CSRF Guard lib does not play nicely with LastPass browser extension