Hi Maxim, Just adding getRequestCycleListeners().add(new CsrfPreventionRequestCycleListener()); to org.apache.wicket.examples.websocket.JSR356Application#init() doesn't lead to any error.
Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Mon, May 15, 2017 at 7:54 AM, Maxim Solodovnik <solomax...@gmail.com> wrote: > Hello Martin, > > were you able to take a look at it? > I was hoping to have M6 with working Csrf+WebSockets .... > > On Fri, May 12, 2017 at 4:45 PM, Maxim Solodovnik <solomax...@gmail.com> > wrote: > > Thanks a million, Martin :) > > > > On Fri, May 12, 2017 at 4:34 PM, Martin Grigorov <mgrigo...@apache.org> > wrote: > >> Hi Maxim, > >> > >> I don't use this combination. > >> But I will try to test it soon and see what can be done. > >> > >> Martin Grigorov > >> Wicket Training and Consulting > >> https://twitter.com/mtgrigorov > >> > >> On Fri, May 12, 2017 at 11:00 AM, Maxim Solodovnik < > solomax...@gmail.com> > >> wrote: > >> > >>> Does anybody uses this filter? > >>> > >>> On Thu, May 11, 2017 at 10:44 AM, Maxim Solodovnik < > solomax...@gmail.com> > >>> wrote: > >>> > Hello All, > >>> > > >>> > just have tried to add CsrfPreventionRequestCycleListener to our > >>> application > >>> > everything seems to work except for Websockets :( > >>> > > >>> > Now I'm getting > >>> > > >>> > [INFO] [http-nio-0.0.0.0-5080-exec-9] > >>> > org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - > >>> > Possible CSRF attack, request URL: > >>> > /openmeetings/wicket/websocket?pageId=1&wicket- > >>> ajax-baseurl=&wicket-app-name=OpenmeetingsApplication, > >>> > Origin: null, action: aborted with error 400 Origin does not > >>> > correspond to request > >>> > [WARN] [http-nio-0.0.0.0-5080-exec-9] > >>> > org.apache.wicket.protocol.ws.api.WebSocketResponse - An HTTP error > >>> > response in WebSocket communication would not be processed by the > >>> > browser! If you need to send the error code and message to the client > >>> > then configure custom WebSocketResponse via > >>> > WebSocketSettings#newWebSocketResponse() factory method and override > >>> > #sendError() method to write them in an appropriate format for your > >>> > application. The ignored error code is '400' and the message: 'Origin > >>> > does not correspond to request'. > >>> > > >>> > in the logs ... > >>> > What should I do to set Origin for Websockets? > >>> > > >>> > -- > >>> > WBR > >>> > Maxim aka solomax > >>> > >>> > >>> > >>> -- > >>> WBR > >>> Maxim aka solomax > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > >>> For additional commands, e-mail: users-h...@wicket.apache.org > >>> > >>> > > > > > > > > -- > > WBR > > Maxim aka solomax > > > > -- > WBR > Maxim aka solomax > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >
