Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread i...@flyingfischer.ch
I have a use case where it is not an option to muddle with headers. The headers are dynamically controlled by the App. So I really would need an option to remove any well-intentioned, but not wanted headers. This seems not easily possible with the added CSP in the 6.x version. Any chance that such

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread i...@flyingfischer.ch
Thanks Łukasz. Any chance to disable this on a domain basis, or even totally? I fear coopInterceptor.exemptedPaths will not be sufficient in my case. Best regards, Markus. On 30.08.22 at 16:22, Łukasz Lenart wrote: CSP was added in 6.x version https://struts.apache.org/core-developers/coop-int

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread Łukasz Lenart
CSP was added in 6.x version https://struts.apache.org/core-developers/coop-interceptor https://struts.apache.org/core-developers/coop-interceptor https://struts.apache.org/core-developers/fetch-metadata-interceptor On Tue, 30.08.2022 at 15:54, i...@flyingfischer.ch wrote: > It looks li

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread i...@flyingfischer.ch
It looks like a cross-site issue: The error only appears when the request is called from a third party domain. When called from a subdomain of the main domain, the error does not appear. Regards, Markus. On 30.08.22 at 15:35, i...@flyingfischer.ch wrote: I am puzzled, calling the same r

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread i...@flyingfischer.ch
I am puzzled, calling the same request on the console works: curl -i -X OPTIONS https://domain/context/mypath?url=urlEncodedUrl HTTP/1.1 302 Cache-control: no-cache, no-store Pragma: no-cache Expires: -1 Vary: Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,Sec-Fetch-User Cross-Origin-Embedder-Polic

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread i...@flyingfischer.ch
Indeed I use <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> Regards, Markus. On 30.08.22 at 14:39, Lukasz Lenart wrote:

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread i...@flyingfischer.ch
The action and the result actually do exist as redirectAction       otherpath   ${url}     This works: GET /context/mypath?url=urlEncodedUrl HTTP/1.1" This fails: OPTIONS /context/mypath?url=urlEncodedUrl HTTP/1.1" 404 But yes, strange that OPTIONS returns 404

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread Lukasz Lenart
Do you use the proper Servlet 3.1 headers in web.xml? <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version=

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread Yasser Zamani
Thanks. I see "...and result 403..." so looks like the underlying action has responded with 403 i.e. forbidden and you haven't defined such result for this action in struts.xml? wdyt? On 8/29/2022 8:32 PM, i...@flyingfischer.ch wrote: Hi Yasser sure. Regards Markus 29-08-2022 16:12:47.8 WAR