Cumulocity: "xsrf attack detected" on login

Product/components used and version/fix level:

Cumulocity Instance on eu-latest

{{url}}/tenant/system/options/system/version
{
    "category": "system",
    "value": "1020.73.0",
    "key": "version"
}

Detailed explanation of the problem:

Hello Tech Community, can someone tell me what this error message means? I got it this morning when logging into the Cumulocity admin application of my tenant.

Error messages / full error message screenshot / log file:


{
  "error": "security/Unauthorized",
  "message": "xsrf attack detected",
  "info": "https://www.cumulocity.com/guides/reference/rest-implementation//#a-name-error-reporting-a-error-reporting"
}

Question related to a free trial, or to a production (customer) instance?

Research Instance

Hi @Yannick_Meinberg

This message refers to: Cross-site request forgery - Wikipedia
To prevent these attacks, every request to the Cumulocity API needs to include the X-XSRF-TOKEN header, in addition to the authorization token that is by default included in the cookie being sent. The value for the X-XSRF-TOKEN header is taken from the XSRF-TOKEN cookie that is set during login on the client.

Is the Administration application that you have opened the standard application, or have you performed any modifications to it (e.g. uploaded a custom build or installed a plugin to it)? Can you check which of the requests to the backend is failing with this error in your browser's network tools?

Regards,
Tristan
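The check described in the reply above can be run over a HAR export from the browser's network tools. This is an added example, not part of the original reply and not Cumulocity code: it flags every request whose X-XSRF-TOKEN header is absent or differs from the XSRF-TOKEN cookie sent with it. The function names, the sample URLs and the token values are constructed for illustration.

```javascript
// Added example: audit a HAR export for requests that would fail the XSRF check.
function headerValue(headers, name) {
  const h = headers.find((x) => x.name.toLowerCase() === name.toLowerCase());
  return h ? h.value : null;
}

// Pull one cookie out of a raw "Cookie: a=1; b=2" request header value.
function cookieValue(cookieHeader, name) {
  if (!cookieHeader) return null;
  for (const part of cookieHeader.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === name) return part.slice(idx + 1).trim();
  }
  return null;
}

// Compare the header against the cookie it is supposed to be copied from.
function classify(request) {
  const cookie = cookieValue(headerValue(request.headers, "Cookie"), "XSRF-TOKEN");
  const header = headerValue(request.headers, "X-XSRF-TOKEN");
  if (cookie === null) return "no-cookie";
  if (header === null) return "missing-header";
  return header === cookie ? "ok" : "mismatch";
}

function auditHar(har) {
  return har.log.entries
    .map((e) => ({ method: e.request.method, url: e.request.url, status: classify(e.request) }))
    .filter((r) => r.status !== "ok");
}

// Constructed sample in HAR 1.2 shape (not captured traffic).
const base = "https://tenant.example.invalid";
const jar = "authorization=CONSTRUCTED; XSRF-TOKEN=tok-new";
const sampleHar = { log: { entries: [
  { request: { method: "GET", url: base + "/user/currentUser", headers: [
    { name: "Cookie", value: jar }, { name: "X-XSRF-TOKEN", value: "tok-new" }] } },
  { request: { method: "POST", url: base + "/inventory/managedObjects", headers: [
    { name: "Cookie", value: jar }] } },
  { request: { method: "PUT", url: base + "/inventory/managedObjects/1", headers: [
    { name: "cookie", value: jar }, { name: "x-xsrf-token", value: "tok-old" }] } },
] } };

console.log(auditHar(sampleHar));
```

A "mismatch" result is what a header value kept from an earlier session would look like. If the browser strips Cookie headers from its HAR export, the affected entries are reported as "no-cookie" and have to be checked in the network panel directly.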

Hi @Tristan_Bastian,

Yes, I already figured it’s something about this token, but I wasn’t able to pin down the source of the problem.
I did use the default application, but I’m not able to reproduce the error anymore. Maybe it was just a glitch with some cache, I guess?

Best regards
Yannick