This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

cross domain error

 
Sankarsan Padhy
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

i am deploying an ear file to weblogic 11g. It deploys successfully but is throwing an error as below while accessing the application.


[org.directwebremoting.dwrp.Batch] ERROR 15:24:38,703: A request has been denied as a potential CSRF attack.

Please help me if you have encountered like this anytime before.

Thanks
Sankarsan
 
Suraj Jadhav
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The ear file that you are deploying is using CSRF Guard feature. CSRF guard is feature that avoids Cross Site Scripting. On accessing the application, CSRF Guard generates one random token and appends it to the URL of application which cannot be tempered. You can disable this feature by disabling it into its configuration property if you really don't want this feature.

You can get more details about this on https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic