archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Stockhammer <marti...@apache.org>
Subject Re: [VOTE] Apache Archiva 2.2.2
Date Tue, 25 Apr 2017 09:01:03 GMT
Yes, you are right. This should be fixed. Currently I don't know why the host name doesn't
match, but will try to reproduce. Had no reverse proxy environment to check this thoroughly.

But that means I need to create a new version, right? 

Cheers

Martin





Am 25. April 2017 09:51:06 MESZ schrieb Olivier Lamy <olamy@apache.org>:
>Hi
>Yes it's behind a reverse proxy
>logs says
>
>2017-04-25 07:39:21,524 [qtp1564314458-63] WARN
>org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
>[] - Referer Header Host does not match refererUrl=
>https://archiva-repository.apache.org/archiva/index.html?request_lang=en,
>targetUrl=http://archiva-repository.apache.org,
>archiva-repository.apache.org
>
>The security.properties contains
>
>rest.baseUrl=https://archiva-repository.apache.org  (I tried with https
>as
>well)
>
>The referer header has value:
>https://archiva-repository.apache.org/archiva/index.html?request_lang=en
>
>Activating debug:
>
>2017-04-25 07:49:00,570 [qtp749705282-29] DEBUG
>org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
>[] - Referer Header URL found:
>https://archiva-repository.apache.org/archiva/index.html?request_lang=en
>
>2017-04-25 07:49:00,571 [qtp749705282-29] WARN
>org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
>[] - Referer Header Host does not match refererUrl=
>https://archiva-repository.apache.org/archiva/index.html?request_lang=en,
>targetUrl=http://archiva-repository.apache.org,
>archiva-repository.apache.org
>
>2017-04-25 07:49:00,571 [qtp749705282-29] WARN
>org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
>[] - HTTP Header check failed. Assuming CSRF attack.
>
>
>Well I can disable that but I'd like to not have too many users
>complaining
>:-)
>
>On 25 April 2017 at 16:54, Martin Stockhammer <martin_s@apache.org>
>wrote:
>
>> Hi,
>>
>> It's behind a reverse proxy or something similar?
>> I think it's the request url. It is determined automatically. But you
>can
>> set a redback configuration property.
>> In security.properties set
>> rest.baseUrl=http://archiva-repository.apache.org
>>
>> Cheers
>>
>> Martin
>>
>>
>> Am 25. April 2017 01:59:29 MESZ schrieb Olivier Lamy
><olamy@apache.org>:
>>>
>>> Hi Martin,
>>> Thanks for your effort with the release!!
>>> Works fine locally, all sigs are ok!
>>> I installed the version for
>https://archiva-repository.apache.org/archiva/
>>> but I have a problem as cannot log anymore because some REST
>resources are
>>> marked as 403.
>>> In this particular case:
>>>
>https://archiva-repository.apache.org/archiva/restServices/archivaServices/commonServices/getAllI18nResources
>>> Any idea?
>>>
>>> On 24 April 2017 at 05:01, Martin <martin_s@apache.org> wrote:
>>>
>>>  Hi,
>>>>
>>>>  I think I now have everything ready and I'd like to release Apache
>Archiva
>>>>  2.2.2
>>>>
>>>>  Note this vote include some parent poms, and redback core.
>>>>
>>>>  We fixed these issues:
>>>>  https://issues.apache.org/jira/secure/ReleaseNote.jspa?
>>>>  projectId=12316920&version=12335832
>>>>
>>>>  The staging repository is available here:
>>>>  https://archiva-repository.apache.org/archiva/repository/
>>>>  archiva-releases-stage/
>>>>
>>>>  Dist artifacts here:
>https://dist.apache.org/repos/dist/dev/archiva/
>>>>
>>>>  Vote open for 72H
>>>>  [+1]
>>>>  [0]
>>>>  [-1]
>>>>
>>>>  Greetings
>>>>  --
>>>>  Martin Stockhammer
>>>
>>>
>>>
>>>
>>>
>> --
>> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
>>
>
>
>
>-- 
>Olivier Lamy
>http://twitter.com/olamy | http://linkedin.com/in/olamy

-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message