tomcat-users mailing list archives

From "Brian" <brian...@emailbb.com>
Subject RE: Sporadic HTTP 403 returned by Tomcat when this should not happen ever. How to find out why this happens?
Date Fri, 06 Feb 2015 10:21:29 GMT
Hello Mark,

1- No authentication at all, since the user authenticates by sending a parameter in the query
string.

2- I have two filters: "org.tuckey.web.filters.urlrewrite.UrlRewriteFilter" (which has been
working fine for years now) and.... CORS, yes!!!
Actually, the CORS filter (org.apache.catalina.filters.CorsFilter) is the first filter in
my web.xml file, so it is the first to run.
This is the way I have configured it:

  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>*</param-value>
    </init-param>
    <init-param>
      <param-name>cors.support.credentials</param-name>
      <param-value>false</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

I added the CORS filter probably two months ago, and probably I have started seeing the 403
errors since then, yes!
And now that I think about it, the CORS filter is probably the reason for the 403 indeed,
since my API is being called not only from servers but also from JavaScript running in all
kinds of browsers and maybe some of them don't deal with CORS properly. That would explain
why the 403s happen occasionally. In fact, I see this 403 occurring in most of the cases by
one specific user (authenticated by a parameter in the query string) that calls my API from
JavaScript!

In what conditions does this filter return a 403 error? What are the Headers involved when
that happens? How can I avoid this problem? Where (on the internet) can I learn more about
this specific problem?

Thanks Mark!

	

> -----Original Message-----
> From: Mark Thomas [mailto:markt@apache.org]
> Sent: Friday, 06 February 2015 04:47 a.m.
> To: Tomcat Users List
> Subject: Re: Sporadic HTTP 403 returned by Tomcat when this should not
> happen ever. How to find out why this happens?
> 
> On 05/02/2015 23:14, Brian wrote:
> > Hello David,
> >
> > No, it is not the case. No exceptions whatsoever. And about 1/100 (or less) of
> > the requests return a 403 to the users, and all those requests are doing the same
> > thing.
> > Thanks a lot for your help!
> 
> Is any authentication configured for this web application?
> 
> What filters are configured (the CORS filter might return a 403 for
> example)?
> 
> Mark
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
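
One way to collect the headers involved when a 403 is returned, as an added example that is not part of the original message or of Tomcat itself: a small diagnostic servlet filter. The class name `Cors403LogFilter` and the log format are hypothetical; it assumes the `javax.servlet` (Servlet 3.0+) API and that it is mapped in web.xml before `CorsFilter`, so that it wraps the CORS decision.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical diagnostic filter (name and log format are assumptions).
// Map it in web.xml BEFORE CorsFilter so that it wraps the CORS decision.
public class Cors403LogFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(Cors403LogFilter.class.getName());
    // Request headers a CORS decision depends on, plus the client identity.
    private static final String[] HEADERS = {
        "Origin", "Access-Control-Request-Method",
        "Access-Control-Request-Headers", "Content-Type", "User-Agent"
    };

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(req, res); // run CorsFilter and the rest of the chain first
        if (!(req instanceof HttpServletRequest) || !(res instanceof HttpServletResponse)) return;
        HttpServletRequest request = (HttpServletRequest) req;
        if (((HttpServletResponse) res).getStatus() != HttpServletResponse.SC_FORBIDDEN) return;

        // Log the path only: the query string carries the caller's credential.
        StringBuilder sb = new StringBuilder("403 ")
            .append(clean(request.getMethod())).append(' ')
            .append(clean(request.getRequestURI()));
        for (String name : HEADERS) {
            sb.append(" | ").append(name).append('=').append(clean(request.getHeader(name)));
        }
        LOG.warning(sb.toString());
    }

    // Replace control characters and cap length so header values cannot forge log lines.
    private static String clean(String v) {
        if (v == null) return "<absent>";
        String s = v.replaceAll("\\p{Cntrl}", "?");
        return s.length() > 200 ? s.substring(0, 200) + "..." : s;
    }
}
```

Comparing the logged method, `Origin` and `Content-Type` of the rejected requests with those of successful requests from the same caller shows which request property differs.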

