[
https://issues.apache.org/jira/browse/MYFACES-4058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16209862#comment-16209862
]
Leonardo Uribe commented on MYFACES-4058:
-----------------------------------------
I think if Origin header should not contain app path, it is ok to do so,
because the intention was to check the origin header. A context param
org.apache.myfaces.STRICT_JSF_2_ORIGIN_HEADER_APP_PATH could work.
> ProtectedViewException for a protectedview access while checking the
> OriginHeader for appContextPath
> ----------------------------------------------------------------------------------------------------
>
> Key: MYFACES-4058
> URL: https://issues.apache.org/jira/browse/MYFACES-4058
> Project: MyFaces Core
> Issue Type: Bug
> Components: General
> Affects Versions: 2.2.6
> Environment: Windows, JSF 2.2
> Reporter: Dinesh Kumar A S
> Attachments: MYFACES-4058.patch
>
>
> Getting ProtectedViewException while accessing a protectedview/xhtml, while
> checking the OriginHeader for appContextPath..
> SO reference :
> http://stackoverflow.com/questions/38308431/jsf-2-2-protectedviewexception-due-to-origin-header-and-appcontextpath-mismatch
> Any help is much appreciated.
> Does the "Origin" request-header is supposed to have the appContextPath in
> the path/urlInfo ?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
