Discussion:
ServerPac download reports CSRF attack
(too old to reply)
Barbara Nitz
2018-01-12 09:35:08 UTC
Permalink
I took a chance (since a colleague had set up internet access directly from the host) and ordered z/OS 2.3 via ShopZ as downloadable from internet.
The only browser I can use is Chrome, and I cannot change anything in the settings (corporate mandate). IE will not even let me log in to ShopZ.

Yesterday I managed (at some point during the day) to download the pdf that contains the instructions to install my order. I am not sure anymore, but I think the www-304 website got redirected to some 'mulberry' name (or similar).
Today I got to the download page, but I cannot open the 'installation documentation' link. If I open in a new window, I get a 404. If I open in the same window, an IBM webpage comes back telling me in red "Error: CSRF attack detected" (cross site request forgery).
Same goes for all the other links except the two that I had downloaded yesterday (when both methods worked).

Effectively I am unable to download anything, so I still have no clue how to get the serverpac dialogs in the first place. (I noticed sometime in December that John Eells had sent me some docs to this id - that I never check for emails! - thanks John - I haven't looked at that doc since I was at home and on vacation.)

Has anyone else experienced this? (I have sent an email to ***@dk.ibm.com who promptly forwarded it to level2)

Barbara

PS: I have reordered to be delivered via DVD. I either run into this problem or something else. Yesterday ShopZ gave me http500 internal server error in my morning and in the afternoon. Today it's this. What was it with tool reliability?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Richards, Robert B.
2018-01-12 09:49:04 UTC
Permalink
Barbara,

I get the "Error: CSRF attack detected" frequently if I am doing a page refresh too quickly or trying to navigate backwards and it doesn't want to let me do it. I end up
re-driving the url again and all is well. All this on FireFox.

You might try Lvl2 support. Here is one person that has replied before from there: Hoa A Pham <***@us.ibm.com> on behalf of SWG ESW ShopCatL2 Support <***@dk.ibm.com>

Bob


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of Barbara Nitz
Sent: Friday, January 12, 2018 4:36 AM
To: IBM-***@LISTSERV.UA.EDU
Subject: ServerPac download reports CSRF attack

I took a chance (since a colleague had set up internet access directly from the host) and ordered z/OS 2.3 via ShopZ as downloadable from internet.
The only browser I can use is Chrome, and I cannot change anything in the settings (corporate mandate). IE will not even let me log in to ShopZ.

Yesterday I managed (at some point during the day) to download the pdf that contains the instructions to install my order. I am not sure anymore, but I think the www-304 website got redirected to some 'mulberry' name (or similar).
Today I got to the download page, but I cannot open the 'installation documentation' link. If I open in a new window, I get a 404. If I open in the same window, an IBM webpage comes back telling me in red "Error: CSRF attack detected" (cross site request forgery).
Same goes for all the other links except the two that I had downloaded yesterday (when both methods worked).

Effectively I am unable to download anything, so I still have no clue how to get the serverpac dialogs in the first place. (I noticed sometime in December that John Eells had sent me some docs to this id - that I never check for emails! - thanks John - I haven't looked at that doc since I was at home and on vacation.)

Has anyone else experienced this? (I have sent an email to ***@dk.ibm.com who promptly forwarded it to level2)

Barbara

PS: I have reordered to be delivered via DVD. I either run into this problem or something else. Yesterday ShopZ gave me http500 internal server error in my morning and in the afternoon. Today it's this. What was it with tool reliability?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Barbara Nitz
2018-01-12 10:07:05 UTC
Permalink
Post by Richards, Robert B.
I get the "Error: CSRF attack detected" frequently if I am doing a page refresh too quickly or trying to navigate backwards and it doesn't want to let me do it. I end up
re-driving the url again and all is well. All this on FireFox.
Thanks Bob,

that did the trick! I am now in possession of the job to download/install the CPP dialogs. I frequently use the back button, I did not use refresh. BTW: Redriving the page got me a 404 error. I had to start from the very beginning of ShopZ again.

What a crappy setup of ShopZ. They do NOT provide backlinks on every page but they cannot deal with someone using the back button, effectively restricting functionality. So much for good programming!

Barbara

ps: My ticket was forwarded to LvL2, so I'll probably find your answer next week from Lvl2! :-)

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Richards, Robert B.
2018-01-12 10:14:15 UTC
Permalink
Barbara,

You are most welcome, I am glad you got it to work! :-)

Good luck with the ServerPac. I'll probably be there in a few weeks or so, if manager approves.

Bob

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of Barbara Nitz
Sent: Friday, January 12, 2018 5:08 AM
To: IBM-***@LISTSERV.UA.EDU
Subject: Re: ServerPac download reports CSRF attack
Post by Richards, Robert B.
I get the "Error: CSRF attack detected" frequently if I am doing a page
refresh too quickly or trying to navigate backwards and it doesn't want to let me do it. I end up re-driving the url again and all is well. All this on FireFox.
You might try Lvl2 support. Here is one person that has replied before
Thanks Bob,

that did the trick! I am now in possession of the job to download/install the CPP dialogs. I frequently use the back button, I did not use refresh. BTW: Redriving the page got me a 404 error. I had to start from the very beginning of ShopZ again.

What a crappy setup of ShopZ. They do NOT provide backlinks on every page but they cannot deal with someone using the back button, effectively restricting functionality. So much for good programming!

Barbara

ps: My ticket was forwarded to LvL2, so I'll probably find your answer next week from Lvl2! :-)

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Loading...