Hello All, just have tried to add CsrfPreventionRequestCycleListener to our application everything seems to work except for Websockets :(
Now I'm getting [INFO] [http-nio-0.0.0.0-5080-exec-9] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: /openmeetings/wicket/websocket?pageId=1&wicket-ajax-baseurl=&wicket-app-name=OpenmeetingsApplication, Origin: null, action: aborted with error 400 Origin does not correspond to request [WARN] [http-nio-0.0.0.0-5080-exec-9] org.apache.wicket.protocol.ws.api.WebSocketResponse - An HTTP error response in WebSocket communication would not be processed by the browser! If you need to send the error code and message to the client then configure custom WebSocketResponse via WebSocketSettings#newWebSocketResponse() factory method and override #sendError() method to write them in an appropriate format for your application. The ignored error code is '400' and the message: 'Origin does not correspond to request'. in the logs ... What should I do to set Origin for Websockets? -- WBR Maxim aka solomax --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
