On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <[email protected]> wrote:

> Hi Isuru,
>
> The reason might be the java version you're using.
>
> You can update the Owasp.CsrfGuard.Carbon.properties file, which is in
> $APIM_HOME/repository/conf/security folder with the following entry to
> ignore this error, IMO it's better if you use the proper java version.
>
> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
>

Due to the gzip bug in JDK 8u151, there are other problems too. Better to use JDK 8u144.

Thanks,
Bhathiya

>
> Thanks,
> Iqbal
>
> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <[email protected]> wrote:
>
>> Hi All,
>>
>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager.
>> After APIM server is started with the fresh pack, I can navigate to
>> Management Console. But once I'm trying to log in with admin credentials, I
>> cannot log in. The error is as below.
>>
>> Error: 403 Forbidden
>> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
>> (user:<anonymous>, ip:10.100.5.136, method:POST,
>> uri:/carbon/admin/login_action.jsp, error:required token is missing from
>> the request)
>>
>> Affected Product Version:
>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>
>> Environment details and versions:
>>
>> macOS High Sierra
>> Version 10.13.1
>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>> Firefox: 57.0
>>
>> Any thoughts about this are highly appreciated.
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile: +94 77 55 30752*
>> *LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Irham Iqbal
> Software Engineer
> WSO2
> phone: +94 777888452
> <http://wso2.com/signature>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
*Bhathiya Jayasekara*
*Associate Technical Lead,*
*WSO2 inc., http://wso2.com*
*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj*
*Twitter: https://twitter.com/bhathiyax*
*Blog: http://movingaheadblog.blogspot.com*
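An added example, not part of the thread and not WSO2 or CSRFGuard code: a small audit that lists the `org.owasp.csrfguard.unprotected.*` entries in a CSRFGuard properties file and reports which request paths they exempt from token checks, which is the effect of the workaround entry quoted above. The sample file content, the second entry, the empty context path and the simplified matching (exact paths and `/*` prefixes only) are assumptions.

```python
# Audit CSRFGuard "unprotected" entries (added example; sample config is constructed).
PREFIX = "org.owasp.csrfguard.unprotected."

# Constructed excerpt: the first entry is the workaround quoted in the thread,
# the second is a hypothetical single-page exemption for comparison.
SAMPLE_PROPERTIES = """\
# Owasp.CsrfGuard.Carbon.properties (constructed excerpt)
org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
org.owasp.csrfguard.unprotected.example=%servletContext%/example/status.jsp
"""

def unprotected_entries(text, context_path=""):
    """Return {name: pattern} with %servletContext% expanded."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith(PREFIX):
            entries[key[len(PREFIX):]] = value.replace("%servletContext%", context_path)
    return entries

def matches(pattern, uri):
    """Simplified matcher: exact path, or subtree when the pattern ends in '/*'."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return uri == base or uri.startswith(base + "/")
    return uri == pattern

def exempting_entries(text, uri, context_path=""):
    """Names of entries that switch off CSRF token checks for `uri`."""
    found = unprotected_entries(text, context_path)
    return sorted(name for name, pat in found.items() if matches(pat, uri))

def wildcard_entries(text, context_path=""):
    """Entries that exempt a whole path subtree and deserve review."""
    found = unprotected_entries(text, context_path)
    return sorted(name for name, pat in found.items() if pat.endswith("/*"))

if __name__ == "__main__":
    # The first URI is from the error in the thread; the second is constructed.
    for uri in ("/carbon/admin/login_action.jsp", "/carbon/other/page.jsp"):
        print(uri, "->", exempting_entries(SAMPLE_PROPERTIES, uri) or "protected")
    print("subtree exemptions:", wildcard_entries(SAMPLE_PROPERTIES))
```

Run against the sample, the wildcard entry exempts every path under `/carbon/admin/`, not only the login action that produced the 403.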
