I've made a quick test on a GeoServer we deployed, with a NGINX proxy in front of it (don't know the details of the deploy tough).
I can enable and disable the statistics without issues, the request disabling them looks as follows (slightly edited for privacy): curl ' https://some-host.org/geoserver/web/wicket/bookmarkable/org.geoserver.web.admin.StatusPage?6-3.IBehaviorListener.0-tabs-panel-refreshed~values-statistics&filter=false' \ -X 'POST' \ -H 'accept: application/xml, text/xml, */*; q=0.01' \ -H 'accept-language: it-IT,it;q=0.9,en-GB;q=0.8,en;q=0.7,en-US;q=0.6' \ -H 'cache-control: no-cache' \ -H 'content-length: 0' \ -H 'cookie: GeoServerUILanguage=en; GeoServerUILanguage=en; <some cooking value here>' \ -H 'origin: https://some-host.org' \ -H 'pragma: no-cache' \ -H 'referer: https://some-host.org/geoserver/web/wicket/bookmarkable/org.geoserver.web.admin.StatusPage?6&filter=false' \ -H 'sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Linux"' \ -H 'sec-fetch-dest: empty' \ -H 'sec-fetch-mode: cors' \ -H 'sec-fetch-site: same-origin' \ -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36' \ -H 'wicket-ajax: true' \ -H 'wicket-ajax-baseurl: wicket/bookmarkable/org.geoserver.web.admin.StatusPage?6&filter=false' \ -H 'wicket-focusedelementid: statistics' \ -H 'x-requested-with: XMLHttpRequest' Regards, Andrea Aime == GeoServer Professional Services from the experts! Visit http://bit.ly/gs-services-us for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions Group phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 https://www.geosolutionsgroup.com/ http://twitter.com/geosolutions_it ------------------------------------------------------- Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail On Tue, Mar 26, 2024 at 9:47 AM Михаил Захаренков <zakharenko...@gmail.com> wrote: > Hello. > I'm facing the error described in > https://osgeo-org.atlassian.net/browse/GEOS-10468. > I am using geoserver version 2.24.2. > > I noticed that when you enable the option, a POST request is sent with the > form data: > *tabs:panel:refreshed-values:statistics: on* > > If you disable the checkbox, the request will be sent without a parameter. > As a result, the server returns a 403 Forbidden error and statistics > continue to be collected, and the checkbox becomes enabled again. > > It seems to me that when the checkbox is disabled, > tabs:panel:refreshed-values:statistics: off > should be sent, by analogy). > > I am aware of GEOSERVER_CSRF_WHITELIST and my domain is added to this list > in the web.xml file. > > Best regards, Mike. > _______________________________________________ > Geoserver-users mailing list > > Please make sure you read the following two resources before posting to > this list: > - Earning your support instead of buying it, but Ian Turton: > http://www.ianturton.com/talks/foss4g.html#/ > - The GeoServer user list posting guidelines: > http://geoserver.org/comm/userlist-guidelines.html > > If you want to request a feature or an improvement, also see this: > https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer > > > Geoserver-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-users >
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users