wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maxim Solodovnik <solomax...@gmail.com>
Subject Re: WebSockets and CsrfPreventionRequestCycleListener
Date Mon, 15 May 2017 05:54:28 GMT
Hello Martin,

were you able to take a look at it?
I was hoping to have M6 with working Csrf+WebSockets ....

On Fri, May 12, 2017 at 4:45 PM, Maxim Solodovnik <solomax666@gmail.com> wrote:
> Thanks a million, Martin :)
>
> On Fri, May 12, 2017 at 4:34 PM, Martin Grigorov <mgrigorov@apache.org> wrote:
>> Hi Maxim,
>>
>> I don't use this combination.
>> But I will try to test it soon and see what can be done.
>>
>> Martin Grigorov
>> Wicket Training and Consulting
>> https://twitter.com/mtgrigorov
>>
>> On Fri, May 12, 2017 at 11:00 AM, Maxim Solodovnik <solomax666@gmail.com>
>> wrote:
>>
>>> Does anybody uses this filter?
>>>
>>> On Thu, May 11, 2017 at 10:44 AM, Maxim Solodovnik <solomax666@gmail.com>
>>> wrote:
>>> > Hello All,
>>> >
>>> > just have tried to add CsrfPreventionRequestCycleListener to our
>>> application
>>> > everything seems to work except for Websockets :(
>>> >
>>> > Now I'm getting
>>> >
>>> > [INFO] [http-nio-0.0.0.0-5080-exec-9]
>>> > org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
>>> > Possible CSRF attack, request URL:
>>> > /openmeetings/wicket/websocket?pageId=1&wicket-
>>> ajax-baseurl=&wicket-app-name=OpenmeetingsApplication,
>>> > Origin: null, action: aborted with error 400 Origin does not
>>> > correspond to request
>>> > [WARN] [http-nio-0.0.0.0-5080-exec-9]
>>> > org.apache.wicket.protocol.ws.api.WebSocketResponse - An HTTP error
>>> > response in WebSocket communication would not be processed by the
>>> > browser! If you need to send the error code and message to the client
>>> > then configure custom WebSocketResponse via
>>> > WebSocketSettings#newWebSocketResponse() factory method and override
>>> > #sendError() method to write them in an appropriate format for your
>>> > application. The ignored error code is '400' and the message: 'Origin
>>> > does not correspond to request'.
>>> >
>>> > in the logs ...
>>> > What should I do to set Origin for Websockets?
>>> >
>>> > --
>>> > WBR
>>> > Maxim aka solomax
>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>
>
>
> --
> WBR
> Maxim aka solomax



-- 
WBR
Maxim aka solomax

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Mime
View raw message