myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dinesh Kumar A S (JIRA)" <...@myfaces.apache.org>
Subject [jira] [Comment Edited] (MYFACES-4058) ProtectedViewException for a protectedview access while checking the OriginHeader for appContextPath
Date Tue, 19 Jul 2016 10:17:20 GMT

    [ https://issues.apache.org/jira/browse/MYFACES-4058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15383897#comment-15383897
] 

Dinesh Kumar A S edited comment on MYFACES-4058 at 7/19/16 10:17 AM:
---------------------------------------------------------------------

Found one another hint, where in Chrome and Safari browsers are adding the Origin header even
for the same domain/origin-request. 
Refer below : 
http://stackoverflow.com/questions/15512331/chrome-adding-origin-header-to-same-origin-request

Apparently we did not receive the ProtectedViewException in Firefox or IE.

Let us know how we could handle this w.r.to Chrome browser using any JSF configuration/settings
(to skip Origin check., etc), if any.

Please note we are using Transient as True (Stateless) so we are trying to use protected-views
for POST requests too.



was (Author: asdinesh):
Found one another hint, where in Chrome and Safari browsers are adding the Origin header even
for the same domain/origin-request. 
Refer below : 
http://stackoverflow.com/questions/15512331/chrome-adding-origin-header-to-same-origin-request

Apparently we did not receive the ProtectedViewException in Firefox or IE.

Let us know how we could handle this w.r.to Chrome browser using any JSF configuration/settings
(to skip Origin check., etc), if any.


> ProtectedViewException for a protectedview access while checking the OriginHeader for
appContextPath
> ----------------------------------------------------------------------------------------------------
>
>                 Key: MYFACES-4058
>                 URL: https://issues.apache.org/jira/browse/MYFACES-4058
>             Project: MyFaces Core
>          Issue Type: Bug
>          Components: General
>    Affects Versions: 2.2.6
>         Environment: Windows, JSF 2.2
>            Reporter: Dinesh Kumar A S
>
> Getting ProtectedViewException while accessing a protectedview/xhtml, while checking
the OriginHeader for appContextPath..
> SO reference : http://stackoverflow.com/questions/38308431/jsf-2-2-protectedviewexception-due-to-origin-header-and-appcontextpath-mismatch
> Any help is much appreciated.
> Does the "Origin" request-header is supposed to have the appContextPath in the path/urlInfo
?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message