[
https://issues.apache.org/jira/browse/MYFACES-4058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16205858#comment-16205858
]
Eduardo Breijo commented on MYFACES-4058:
-----------------------------------------
[~tandraschko] I have tested it on Safari using Tomcat and Mojarra and I get
the following exception:
javax.faces.application.ProtectedViewException: JSF1100: Origin [sic] header
value http://localhost:8080 does not appear to be a protected view. Preventing
display of viewId /aSubView1.xhtml
com.sun.faces.lifecycle.RestoreViewPhase.maybeTakeProtectedViewAction(RestoreViewPhase.java:369)
com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:237)
com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
It seems that it doesn't work there either.
Regarding my patch, I can always remove the context param and fix it by default
if we want to avoid adding a new context param. If you want, I can add a new
patch without the context param.
> ProtectedViewException for a protectedview access while checking the
> OriginHeader for appContextPath
> ----------------------------------------------------------------------------------------------------
>
> Key: MYFACES-4058
> URL: https://issues.apache.org/jira/browse/MYFACES-4058
> Project: MyFaces Core
> Issue Type: Bug
> Components: General
> Affects Versions: 2.2.6
> Environment: Windows, JSF 2.2
> Reporter: Dinesh Kumar A S
> Attachments: MYFACES-4058.patch
>
>
> Getting ProtectedViewException while accessing a protectedview/xhtml, while
> checking the OriginHeader for appContextPath..
> SO reference :
> http://stackoverflow.com/questions/38308431/jsf-2-2-protectedviewexception-due-to-origin-header-and-appcontextpath-mismatch
> Any help is much appreciated.
> Does the "Origin" request-header is supposed to have the appContextPath in
> the path/urlInfo ?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
