Quantcast

I'm getting:A request has been denied as a potential CSRF attack.

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

I'm getting:A request has been denied as a potential CSRF attack.

robertsmme
Hi,
  I have started working with DWR and TIBCO deployed using Jetty under OSGI control.

  I have had it working and I thought things were good, but for some reason I am now getting the CSRF error.

  I have tried it with IE6 and Firefox latest.

  I am running the IDE from a file system and then using the "Run Project From HTTP..." to run the actual app.  I have successfull done a simple call, but then I seen to have got this error.

  Can you please help.

Martin
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: I'm getting:A request has been denied as a potential CSRF attack.

David Marginian
Martin,
   I am not sure about your exact configuration but it sounds like you
have an HTTP server that is forwarding requests to your java-web
container. If this is the case by default DWR will disallow this.

http://getahead.org/dwr/server/servlet
Take a look at this parameter: crossDomainSessionSecurity - Try setting
this to false in web.xml.


robertsmme wrote:

> Hi,
>   I have started working with DWR and TIBCO deployed using Jetty under OSGI
> control.
>
>   I have had it working and I thought things were good, but for some reason
> I am now getting the CSRF error.
>
>   I have tried it with IE6 and Firefox latest.
>
>   I am running the IDE from a file system and then using the "Run Project
> >From HTTP..." to run the actual app.  I have successfull done a simple call,
> but then I seen to have got this error.
>
>   Can you please help.
>
> Martin
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: I'm getting:A request has been denied as a potential CSRF attack.

robertsmme
David,
  I have switch it off and the problem has gone away.  As I am running in OSGI I am not sure what the Jetty server is doing with the requests.  What surprises me is that it has worked without switching the checking off.

Martin


David Marginian wrote
Martin,
   I am not sure about your exact configuration but it sounds like you
have an HTTP server that is forwarding requests to your java-web
container. If this is the case by default DWR will disallow this.

http://getahead.org/dwr/server/servlet
Take a look at this parameter: crossDomainSessionSecurity - Try setting
this to false in web.xml.
Loading...