DWR A request has been denied as a potential CSRF attack
来源:互联网 发布:spss11.0 mac版 编辑:程序博客网 时间:2024/05/20 12:47
虽然DWR是个很早就出现的Ajax框架,但一直都没去使用过,今天正好没事就看了一下并参照文档照做了个demo,
在其中碰到一个问题:
后台打印出错误信息:“严重: A request has been denied as a potential CSRF attack.” 在网上google一把
之后,出现此错误的原因大都是说“请求被拒绝,可能存在csrf(cross-site request forgeries,跨站请求伪造)攻击、
页面URL可能被跨站了的服务所调用之类的”,但是我这里只有一个简单的测试页面,是根本不存在什么所谓的跨站请求的,
但不知道为什么?希望有知道的朋友告诉一下我,万谢!
不过最后还是通过网上搜索给解决了,得到以下两种解决方案:
1、在web.xml配置文件中修改dwr的配置:
Xml代码
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<!-- 新加corssDomainSessionSecurity参数 -->
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<!-- 新加corssDomainSessionSecurity参数 -->
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
2、将JSP文件中所引用的js文件engine.js的方式,由<script type="text/javascript" src="js/engine.js"></script> 更改成:<script type="text/javascript" src="dwr/engine.js"></script>。不知道为什么这样就可以啦,而
引用js目录下就会报错。希望有知道朋友,不吝赐教,在下感激不尽!
- A request has been denied as a potential CSRF attack.”
- A request has been denied as a potential CSRF attack.”
- A request has been denied as a potential CSRF attack.
- A request has been denied as a potential CSRF attack.”
- dwr的A request has been denied as a potential CSRF attack.错误
- DWR A request has been denied as a potential CSRF attack
- tomcat7:dwr下A request has been denied as a potential CSRF attack.
- dwr:A request has been denied as a potential CSRF attack.
- DWR A request has been denied as a potential CSRF attack
- dwr的A request has been denied as a potential CSRF attack.错误
- dwr:A request has been denied as a potential CSRF attack.错误的解决
- 亲测遇到dwr的A request has been denied as a potential CSRF attack错误的解决方案
- DWR A request has been denied as a potential CSRF atta 的两种情况
- dwr的org.directwebremoting.dwrp.Batch:75-A request has been denied as a ppotential CSRF attack错误
- Dwr Session Error A request has been denied 异常
- WebTools has not been correctly installed as a NT Service.
- is-A && as-A && has-A
- flex error:HttpFlexSession has not been registered as a listener in web.xml
- Spring MVC
- sharepoint "+"号问题
- Linux下非线程安全的函数及替代函数
- 浅谈android通过修改framework-res.apk进行美化的方法
- 学习c++的50条忠告(初学者必看)
- DWR A request has been denied as a potential CSRF attack
- android手机短信总结
- EditText的clearFocus() :让EditText失去焦点
- 关于内存数据库
- 浅析C++标准头文件结构
- Bash shell中的位置参数$#,$*,$@,$0,$1,$2...及特殊参数$?,$-等的含义
- 访问控制列表 配置:命名访问控制列表配置
- Java_ABC_1.连接MySQL数据库
- 发现CSDN,文章分类有个bug