Subsonic Forum

forum.subsonic.org
http://forum.subsonic.org/forum/

A request has been denied as a potential CSRF attack.

http://forum.subsonic.org/forum/viewtopic.php?f=2&t=10823

Page 1 of 1

A request has been denied as a potential CSRF attack.

PostPosted: Sat Nov 24, 2012 2:02 pm
by doahh
This is a new install in Tomcat 7. I found this thread that discusses how to handle the various issues with running in Tomcat 7 but I can't find anything about the CSRF attack. Does anyone have any suggestions?

ERROR org.directwebremoting.dwrp.BaseDwrpHandler - A request has been denied as a potential CSRF attack

Re: A request has been denied as a potential CSRF attack.

PostPosted: Sat Nov 24, 2012 2:11 pm
by doahh
Add this to web.xml:

<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>


It looks like that is side stepping some security but it works. If anyone knows a better solution than I would like to hear it.

Re: A request has been denied as a potential CSRF attack.

PostPosted: Tue Oct 22, 2013 1:44 pm
by pdicresc
This helped. Thank you, doahh!
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/