DWR A request has been denied as a potential CSRF atta 的两种情况
来源:互联网 发布:猎鲸狂人软件 编辑:程序博客网 时间:2024/06/16 11:29
在学习DWR的时候,做官方的Hello world 的时候出现以下错误:
2008-8-29 11:58:53 org.directwebremoting.util.CommonsLoggingOutput error
严重: A request has been denied as a potential CSRF attack.
在网上找了下,解决方法如下:
请求被拒绝因为可能存在csrf(cross-site request forgeries,跨站请求伪造)攻击.
也就是说页面URL可能被跨站了的服务所调用.
例如:自己页面的一个图片.可能被其他站直接通过[img]....[/img]来引用.
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
加入corssDomainSessionSecurity这个配置选项..这个参数是在dwr版本2.0才有的.默认值为true,也就是禁止其他域发送请求.corssDomainSessionSecurity:设置成false能够从其他域进行请求.注意这样做会在安全性上有一些冒险.
但是经测试问题还是存在,进入测试页时出现如下提示:
Methods For: userDAOAjax (com.wang.util.UserDAOAjax)To use this class in your javascript you will need the following script includes:
<script type='text/javascript' src='/TestAjax/dwr/interface/userDAOAjax.js'></script> <script type='text/javascript' src='/TestAjax/dwr/engine.js'></script>In addition there is an optional utility script:
<script type='text/javascript' src='/TestAjax/dwr/util.js'></script>经过仔细察看,发现engine.js和util.js的路径与官方文档的不太一样。官方说,将这两个js拷贝到自己建立的文件夹中再引用。我想可能这有点问题,于是将自己建立的js文件夹(包含engine.js和util.js)删除,再运行,一切正常,所以这个例子是不需要拷贝engine.js和util.js两个文件的。直接用dwr路径引用,因为dwr.jar包里面已经包含了这两个文件。 0 0
- DWR A request has been denied as a potential CSRF atta 的两种情况
- dwr的A request has been denied as a potential CSRF attack.错误
- dwr的A request has been denied as a potential CSRF attack.错误
- dwr:A request has been denied as a potential CSRF attack.错误的解决
- A request has been denied as a potential CSRF attack.”
- A request has been denied as a potential CSRF attack.”
- A request has been denied as a potential CSRF attack.
- A request has been denied as a potential CSRF attack.”
- DWR A request has been denied as a potential CSRF attack
- tomcat7:dwr下A request has been denied as a potential CSRF attack.
- dwr:A request has been denied as a potential CSRF attack.
- DWR A request has been denied as a potential CSRF attack
- 亲测遇到dwr的A request has been denied as a potential CSRF attack错误的解决方案
- dwr的org.directwebremoting.dwrp.Batch:75-A request has been denied as a ppotential CSRF attack错误
- Dwr Session Error A request has been denied 异常
- WebTools has not been correctly installed as a NT Service.
- is-A && as-A && has-A
- flex error:HttpFlexSession has not been registered as a listener in web.xml
- 最近公共祖先(Tarjan算法)
- TCP/UDP通信模型
- 如何修改计算机名,才能用该用户名远程
- C语言基础知识之#pragma once
- 提示框
- DWR A request has been denied as a potential CSRF atta 的两种情况
- UIViewController 视图控制器
- leetcode之Triangle
- 字符串包含一个或多个数字,编写函数把数字字符转化为整数并返回这个整数。如果字符串包含任何非数字字符,函数就返回零。
- OCP-1Z0-051 第47题 索引
- Linux Bash Shell快速入门 在线教程
- android notification 的总结分析
- 两个变量值的交换legend
- poj1201(图论)