Hi Maxim, I don't use this combination. But I will try to test it soon and see what can be done.
Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Fri, May 12, 2017 at 11:00 AM, Maxim Solodovnik <solomax...@gmail.com> wrote: > Does anybody uses this filter? > > On Thu, May 11, 2017 at 10:44 AM, Maxim Solodovnik <solomax...@gmail.com> > wrote: > > Hello All, > > > > just have tried to add CsrfPreventionRequestCycleListener to our > application > > everything seems to work except for Websockets :( > > > > Now I'm getting > > > > [INFO] [http-nio-0.0.0.0-5080-exec-9] > > org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - > > Possible CSRF attack, request URL: > > /openmeetings/wicket/websocket?pageId=1&wicket- > ajax-baseurl=&wicket-app-name=OpenmeetingsApplication, > > Origin: null, action: aborted with error 400 Origin does not > > correspond to request > > [WARN] [http-nio-0.0.0.0-5080-exec-9] > > org.apache.wicket.protocol.ws.api.WebSocketResponse - An HTTP error > > response in WebSocket communication would not be processed by the > > browser! If you need to send the error code and message to the client > > then configure custom WebSocketResponse via > > WebSocketSettings#newWebSocketResponse() factory method and override > > #sendError() method to write them in an appropriate format for your > > application. The ignored error code is '400' and the message: 'Origin > > does not correspond to request'. > > > > in the logs ... > > What should I do to set Origin for Websockets? > > > > -- > > WBR > > Maxim aka solomax > > > > -- > WBR > Maxim aka solomax > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >
