[ https://issues.apache.org/jira/browse/WICKET-6101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martijn Dashorst closed WICKET-6101.
------------------------------------
    Resolution: Not A Problem

As you can see in the log, the request is not blocked. The Origin header was 
not set, and the action is allowed. It is logged to ensure that the developer 
knows which Origin headers are being sent, if at all, to be able to fine-tune the 
whitelist. See the documentation of the CsrfPreventionRequestCycleListener for 
more information on the configuration options.

> Bootstrap Modal is falsely blocked due to possible csrf attack
> --------------------------------------------------------------
>
>                 Key: WICKET-6101
>                 URL: https://issues.apache.org/jira/browse/WICKET-6101
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>            Reporter: Marc G.
>
> I've created this ticket here because it was posted on my GitHub project:
> --------
> Hey Marc, 
> I checked out your project yesterday and it works great so far.
> I encountered a problem recently with the 'Wicket Bootstrap' API 
> (https://github.com/l0rdn1kk0n/wicket-bootstrap).
> As soon as I open a modal window the application recognizes a possible CSRF 
> attack because the origin of the request is empty.
> Log says: INFO 869808 --- [nio-8080-exec-7] 
> w.p.h.CsrfPreventionRequestCycleListener : Possible CSRF attack, request URL: 
> http://localhost:8080/, Origin: null, action: allowed
> Regards, pa7r1ck
> ---
> I also encountered this problem when I'm using an 
> AjaxFallbackDefaultDataTable and changing the sorting. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
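
The configuration options the closing comment refers to, shown as an added example that is not part of the original message or of Wicket's own code: the listener is registered with its two policies spelled out, so the "Origin: null, action: allowed" log line can be read against the setting that produced it. `ExampleApplication`, `HomePage` and the origin `example.com` are hypothetical names chosen for illustration.

```java
import org.apache.wicket.Page;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener;
import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener.CsrfAction;
import org.apache.wicket.protocol.http.WebApplication;

// Hypothetical application class; only the listener setup is the point here.
public class ExampleApplication extends WebApplication {

    @Override
    protected void init() {
        super.init();

        CsrfPreventionRequestCycleListener csrf = new CsrfPreventionRequestCycleListener();

        // Whitelist entry (constructed value): requests whose Origin matches
        // this domain are accepted without further checks.
        csrf.addAcceptedOrigin("example.com");

        // Request carries no Origin: ALLOW lets it through and logs it, which
        // is what the "Origin: null, action: allowed" line in the ticket shows.
        // Switching to CsrfAction.ABORT rejects such requests instead, so
        // review the logged requests before tightening this.
        csrf.setNoOriginAction(CsrfAction.ALLOW);

        // Request carries an Origin that matches neither the application nor
        // the whitelist: reject it with the status code set below.
        csrf.setConflictingOriginAction(CsrfAction.ABORT);
        csrf.setErrorCode(400);

        getRequestCycleListeners().add(csrf);
    }

    @Override
    public Class<? extends Page> getHomePage() {
        return HomePage.class;
    }

    // Placeholder page so the class compiles; a real page needs its markup file.
    public static class HomePage extends WebPage {
    }
}
```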
