geronimo-scm mailing list archives

From xiam...@apache.org
Subject svn commit: r1341536 - in /geronimo/server/branches/3.0-beta/plugins/console: console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java console-portal-driver/src/main/webapp/WEB-INF/web.xml
Date Tue, 22 May 2012 15:40:13 GMT
Author: xiaming
Date: Tue May 22 15:40:12 2012
New Revision: 1341536

URL: http://svn.apache.org/viewvc?rev=1341536&view=rev
Log:
GERONIMO-6348 IE always sends history headers to the server, which leads to an XSRFFilter exception
when the formId in the history headers is the old one. So ignore another URI to work around the
IE issue

Modified:
    geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
    geronimo/server/branches/3.0-beta/plugins/console/console-portal-driver/src/main/webapp/WEB-INF/web.xml

Modified: geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java?rev=1341536&r1=1341535&r2=1341536&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
(original)
+++ geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
Tue May 22 15:40:12 2012
@@ -90,6 +90,8 @@ public class XSRFHandler
      * @return String if the session was invalid or null if OK
      */
     public boolean isInvalidSession(HttpServletRequest hreq) {
+        log.debug("The HttpServletRequest to be filtered: requestURL=" + hreq.getRequestURL()
+                + ", queryString=" + hreq.getQueryString());
         HttpSession hses = hreq.getSession(true);
         String uniqueId = getSession(hses);
 
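Review bot: the new `log.debug(...)` at the top of `isInvalidSession` writes the complete query string of every filtered request to the log, and it builds the concatenated message even when debug logging is off. The commit log says the failing requests carry a `formId`; if that value or any other session-related parameter travels in the query string, it ends up in the log files in clear text. Consider logging only `hreq.getRequestURI()`, or redacting the token parameter before logging, and wrapping the call in a debug-enabled check so the string is not built on every request. Separately, the Javadoc in the context lines still says `@return String if the session was invalid or null if OK` while the method returns `boolean`; worth correcting while this method is being touched.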

Modified: geronimo/server/branches/3.0-beta/plugins/console/console-portal-driver/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/console/console-portal-driver/src/main/webapp/WEB-INF/web.xml?rev=1341536&r1=1341535&r2=1341536&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/console/console-portal-driver/src/main/webapp/WEB-INF/web.xml
(original)
+++ geronimo/server/branches/3.0-beta/plugins/console/console-portal-driver/src/main/webapp/WEB-INF/web.xml
Tue May 22 15:40:12 2012
@@ -37,7 +37,7 @@ limitations under the License.
     <filter-class>org.apache.geronimo.console.filter.XSSXSRFFilter</filter-class>
     <init-param>
        <param-name>xsrf.ignorePaths</param-name>
-       <param-value>/dojo/dojo/resources/blank.html</param-value>
+       <param-value>/dojo/dojo/resources/blank.html,portal/0/Welcome</param-value>
     </init-param>
   </filter>
   <filter-mapping>
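Review bot: the added `xsrf.ignorePaths` entry `portal/0/Welcome` has no leading slash, unlike the existing `/dojo/dojo/resources/blank.html`, and the matching logic is not part of this diff, so it is unclear whether the entry is compared against the full path or matched as a substring or suffix. If the match is not anchored, any URI containing `portal/0/Welcome` skips the XSRF check, which is wider than the IE workaround needs. Please write the entry in the same anchored form as the existing one, confirm that the Welcome page accepts no state-changing requests (every request to an ignored path is processed without a token check), and add an XML comment next to the `param-value` that references GERONIMO-6348 so the exemption can be removed once the IE behaviour is handled in the filter itself.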


