Forbidden (403) CSRF verification failed. Request aborted.

[jobdiogenes]

After trying to run a Report I receive the following message:

PS: using developing trunk.

Help Reason given for failure: CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure: Your browser is accepting cookies. The view function passes a request to the template's render method. In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL. If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data. The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login. You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed. You can customize this page using the CSRF_FAILURE_VIEW setting.

[garrettgirard]

Haven't gotten this error on any reports I've generated. Seems to be resolved.

[garrettgirard]

VIMS Fish (we're hosting) is still having this issue.

[benanhalt]

Has this happened at all in the past year to anyone's knowledge?

[yvonneekanim]

I'm not getting the exact error but I haven't been able to run any invoices (loan,gift,borrow). Labels run just fine.

Environment:

Request Method: POST Request URL: http://db3.biwebdbtest.nhm.ku.edu/report_runner/run/

Django Version: 1.10.2 Python Version: 2.7.3 Installed Applications: ('django.contrib.sessions', 'django.contrib.staticfiles', 'django.contrib.contenttypes', 'django.contrib.auth', 'specifyweb.specify', 'specifyweb.stored_queries', 'specifyweb.businessrules', 'specifyweb.express_search', 'specifyweb.context', 'specifyweb.attachment_gw', 'specifyweb.frontend', 'specifyweb.barvis', 'specifyweb.report_runner', 'specifyweb.interactions', 'specifyweb.workbench', 'specifyweb.notifications', 'specifyweb.export', 'raven.contrib.django.raven_compat') Installed Middleware: (u'raven.contrib.django.middleware.SentryMiddleware', 'django.middleware.gzip.GZipMiddleware', 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'specifyweb.context.middleware.ContextMiddleware')

Traceback:

File "/home/anhalt/specify7-develop/virtualenv/lib/python2.7/site-packages/django/core/handlers/exception.py" in inner

39. response = get_response(request)

File "/home/anhalt/specify7-develop/virtualenv/lib/python2.7/site-packages/django/core/handlers/base.py" in _legacy_get_response

249. response = self._get_response(request)

File "/home/anhalt/specify7-develop/virtualenv/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response

187. response = self.process_exception_by_middleware(e, request)

File "/home/anhalt/specify7-develop/virtualenv/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response

185. response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/home/anhalt/specify7-develop/virtualenv/lib/python2.7/site-packages/django/views/decorators/http.py" in inner

40. return func(request, *args, **kwargs)

File "/home/anhalt/specify7-develop/specifyweb/specify/views.py" in wrapped

22. return view(request, *args, **kwargs)

File "/home/anhalt/specify7-develop/specifyweb/report_runner/views.py" in run

46. raise ReportException(r.text)

Exception Type: ReportException at /report_runner/run/ Exception Value:

HTTP ERROR 500

Problem accessing /report. Reason:

    Server Error

Caused by:

net.sf.jasperreports.engine.JRException: Byte data not found at: undefined?coll=&type=O&filename=beda3c2e-01e4-45a8-a68e-c9947f3720db.jpg&downloadname=&token=.
    at net.sf.jasperreports.repo.RepositoryUtil.getBytesFromLocation(RepositoryUtil.java:210)
    at net.sf.jasperreports.renderers.util.RendererUtil.getNonLazyRenderable(RendererUtil.java:145)
    at net.sf.jasperreports.engine.fill.JRFillImage.evaluateImage(JRFillImage.java:534)
    at net.sf.jasperreports.engine.fill.JRFillImage.evaluate(JRFillImage.java:478)
    at net.sf.jasperreports.engine.fill.JRFillElementContainer.evaluate(JRFillElementContainer.java:381)
    at net.sf.jasperreports.engine.fill.JRFillBand.evaluate(JRFillBand.java:500)
    at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillTitle(JRVerticalFiller.java:311)
    at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReportStart(JRVerticalFiller.java:247)
    at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReport(JRVerticalFiller.java:115)
    at net.sf.jasperreports.engine.fill.JRBaseFiller.fill(JRBaseFiller.java:580)
    at net.sf.jasperreports.engine.fill.BaseReportFiller.fill(BaseReportFiller.java:414)
    at net.sf.jasperreports.engine.fill.JRFiller.fill(JRFiller.java:121)
    at net.sf.jasperreports.engine.JasperFillManager.fill(JasperFillManager.java:667)
    at net.sf.jasperreports.engine.JasperFillManager.fillReport(JasperFillManager.java:983)
    at edu.ku.brc.specify.reports.ReportServlet.doPost(ReportServlet.java:47)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:503)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
    at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    at java.lang.Thread.run(Thread.java:748)

---

Powered by Jetty://

[benanhalt]

This is also being caused by #482. I think the fact that is working for labels indicates the original issues has not reemerged.