Hi Chris,

That was a good test suggestion, to compare the page source between when CSRF 
is on and off. What surprised me is that the page source between the two is 
identical.

But still with the CSRF filter on I see this:


And with that filter off I see this:


If I was fronting with Apache httpd would there be something specifically that 
I would have to do? I believe there might be some setups where this may be the 
case. Although my current setup doesn't have it.

Cheers,
Matt



-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, April 08, 2011 10:42 AM
To: Tomcat Users List
Subject: Re: Help with CsrfPreventionFilter


Mathew,

On 4/8/2011 9:26 AM, Mathew Samuel wrote:
> Yes the webapp works perfectly fine if I comment out the CSRFPreventionFilter.

Good.

> Also tried with "<url-pattern>/*</url-pattern>" but it produced the
> same result in that what loads is basically a text-based page with no
> images, no functionality behind buttons.

:(

Can you post a snippet of page source where everything is broken? Also post the 
same snippet where the CsrfPreventionFilter is disabled.

Are you fronting Tomcat with Apache httpd or some other web server?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

