[
https://issues.apache.org/jira/browse/MYFACES-4058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15383897#comment-15383897
]
Dinesh Kumar A S commented on MYFACES-4058:
-------------------------------------------
Found one another hint, where in Chrome and Safari browsers are adding the
Origin header even for the same domain/origin-request.
Refer below :
http://stackoverflow.com/questions/15512331/chrome-adding-origin-header-to-same-origin-request
Apparently we did not receive the ProtectedViewException in Firefox or IE.
Let us know how we could handle this w.r.to Chrome browser using any JSF
configuration/settings (to skip Origin check., etc), if any.
> ProtectedViewException for a protectedview access while checking the
> OriginHeader for appContextPath
> ----------------------------------------------------------------------------------------------------
>
> Key: MYFACES-4058
> URL: https://issues.apache.org/jira/browse/MYFACES-4058
> Project: MyFaces Core
> Issue Type: Bug
> Components: General
> Affects Versions: 2.2.6
> Environment: Windows, JSF 2.2
> Reporter: Dinesh Kumar A S
>
> Getting ProtectedViewException while accessing a protectedview/xhtml, while
> checking the OriginHeader for appContextPath..
> SO reference :
> http://stackoverflow.com/questions/38308431/jsf-2-2-protectedviewexception-due-to-origin-header-and-appcontextpath-mismatch
> Any help is much appreciated.
> Does the "Origin" request-header is supposed to have the appContextPath in
> the path/urlInfo ?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
