Thanks a lot for checking Martin, The issue seems to be caused by following code in *.html (reproducible using quickstart)
<script type="text/javascript"> $(function() { Wicket.Event.subscribe(Wicket.Event.Topic.WebSocket.Opened, function() { Wicket.WebSocket.send("socketConnected"); }); }); </script> I guess I need to manually set missing headers in such call Can you please help to set necessary headers? On Mon, May 15, 2017 at 1:50 PM, Martin Grigorov <mgrigo...@apache.org> wrote: > Hi Maxim, > > Just adding getRequestCycleListeners().add(new > CsrfPreventionRequestCycleListener()); > to org.apache.wicket.examples.websocket.JSR356Application#init() doesn't > lead to any error. > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Mon, May 15, 2017 at 7:54 AM, Maxim Solodovnik <solomax...@gmail.com> > wrote: > >> Hello Martin, >> >> were you able to take a look at it? >> I was hoping to have M6 with working Csrf+WebSockets .... >> >> On Fri, May 12, 2017 at 4:45 PM, Maxim Solodovnik <solomax...@gmail.com> >> wrote: >> > Thanks a million, Martin :) >> > >> > On Fri, May 12, 2017 at 4:34 PM, Martin Grigorov <mgrigo...@apache.org> >> wrote: >> >> Hi Maxim, >> >> >> >> I don't use this combination. >> >> But I will try to test it soon and see what can be done. >> >> >> >> Martin Grigorov >> >> Wicket Training and Consulting >> >> https://twitter.com/mtgrigorov >> >> >> >> On Fri, May 12, 2017 at 11:00 AM, Maxim Solodovnik < >> solomax...@gmail.com> >> >> wrote: >> >> >> >>> Does anybody uses this filter? >> >>> >> >>> On Thu, May 11, 2017 at 10:44 AM, Maxim Solodovnik < >> solomax...@gmail.com> >> >>> wrote: >> >>> > Hello All, >> >>> > >> >>> > just have tried to add CsrfPreventionRequestCycleListener to our >> >>> application >> >>> > everything seems to work except for Websockets :( >> >>> > >> >>> > Now I'm getting >> >>> > >> >>> > [INFO] [http-nio-0.0.0.0-5080-exec-9] >> >>> > org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - >> >>> > Possible CSRF attack, request URL: >> >>> > /openmeetings/wicket/websocket?pageId=1&wicket- >> >>> ajax-baseurl=&wicket-app-name=OpenmeetingsApplication, >> >>> > Origin: null, action: aborted with error 400 Origin does not >> >>> > correspond to request >> >>> > [WARN] [http-nio-0.0.0.0-5080-exec-9] >> >>> > org.apache.wicket.protocol.ws.api.WebSocketResponse - An HTTP error >> >>> > response in WebSocket communication would not be processed by the >> >>> > browser! If you need to send the error code and message to the client >> >>> > then configure custom WebSocketResponse via >> >>> > WebSocketSettings#newWebSocketResponse() factory method and override >> >>> > #sendError() method to write them in an appropriate format for your >> >>> > application. The ignored error code is '400' and the message: 'Origin >> >>> > does not correspond to request'. >> >>> > >> >>> > in the logs ... >> >>> > What should I do to set Origin for Websockets? >> >>> > >> >>> > -- >> >>> > WBR >> >>> > Maxim aka solomax >> >>> >> >>> >> >>> >> >>> -- >> >>> WBR >> >>> Maxim aka solomax >> >>> >> >>> --------------------------------------------------------------------- >> >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> >>> For additional commands, e-mail: users-h...@wicket.apache.org >> >>> >> >>> >> > >> > >> > >> > -- >> > WBR >> > Maxim aka solomax >> >> >> >> -- >> WBR >> Maxim aka solomax >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> -- WBR Maxim aka solomax --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org