During a review of a solution we were delivering on Sitecore 7.1 Update 2 (rev 140324), our Page Editor dialogs no longer allowed users to expand tree lists when adding components. On the server, the logs were showing a CSRF exception, specifically that a CSRF form field was missing.
6708 16:19:44 ERROR Application error.
Message: CSRF form field is missing.
at Sitecore.Security.AntiCsrf.SitecoreAntiCsrfModule.RaiseError(Exception ex, HttpContext context)
at Sitecore.Security.AntiCsrf.SitecoreAntiCsrfModule.PreRequestHandlerExecute(Object sender, EventArgs e)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I discovered that the root cause of this is a missing line in the Sitecore.AntiCsrf.config file which seems to have disappeared from 7.1 as of revision 140130.
Previous versions of the file contained a line to ignore the TreeviewEx:
<ignore contains="TreeviewEx" />
In order to fix this in your installation, you can use a configuration file like the following to patch in the value.:
<ignore patch:before=”ignore[@contains='InstantSearch']” contains=”TreeviewEx” />
We have all seen the magical project plans that have no grounding in reality. Schedules are far too aggressive, scope is beyond what the team can handle, not enough resources available to properly run the team… all to meet some magical “hard deadline” that has been imposed seemingly without any reason.
The folks in charge of these plans are not evil – they may just have somebody enforcing a deadline on them and are trying every possible thing to draw a picture to meet that deadline so they don’t get fired. These people are members of our team and we cannot leave them struggling alone. As architects and technical subject matter experts, we need to help our team members make their complete nutbar of a project plan into something that makes sense in the real world we live in.
Continue reading “How I know a project plan is total nutbars… and how it can be fixed”
Over time, our team has realized that when we are speaking to a client about publishing in Sitecore, we may not all be talking about the same thing. There really are three “publish” contexts that a client may be referring to: workflow approval, web database publishing, and content delivery cache clearing. Trying to make this clear to a client isn’t always easy.
But it can be!
Continue reading “Sitecore publishing: what does it mean?”