Hi Yes it's behind a reverse proxy logs says 2017-04-25 07:39:21,524 [qtp1564314458-63] WARN org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor [] - Referer Header Host does not match refererUrl= https://archiva-repository.apache.org/archiva/index.html?request_lang=en, targetUrl=http://archiva-repository.apache.org, archiva-repository.apache.org
The security.properties contains rest.baseUrl=https://archiva-repository.apache.org (I tried with https as well) The referer header has value: https://archiva-repository.apache.org/archiva/index.html?request_lang=en Activating debug: 2017-04-25 07:49:00,570 [qtp749705282-29] DEBUG org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor [] - Referer Header URL found: https://archiva-repository.apache.org/archiva/index.html?request_lang=en 2017-04-25 07:49:00,571 [qtp749705282-29] WARN org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor [] - Referer Header Host does not match refererUrl= https://archiva-repository.apache.org/archiva/index.html?request_lang=en, targetUrl=http://archiva-repository.apache.org, archiva-repository.apache.org 2017-04-25 07:49:00,571 [qtp749705282-29] WARN org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor [] - HTTP Header check failed. Assuming CSRF attack. Well I can disable that but I'd like to not have too many users complaining :-) On 25 April 2017 at 16:54, Martin Stockhammer <[email protected]> wrote: > Hi, > > It's behind a reverse proxy or something similar? > I think it's the request url. It is determined automatically. But you can > set a redback configuration property. > In security.properties set > rest.baseUrl=http://archiva-repository.apache.org > > Cheers > > Martin > > > Am 25. April 2017 01:59:29 MESZ schrieb Olivier Lamy <[email protected]>: >> >> Hi Martin, >> Thanks for your effort with the release!! >> Works fine locally, all sigs are ok! >> I installed the version for https://archiva-repository.apache.org/archiva/ >> but I have a problem as cannot log anymore because some REST resources are >> marked as 403. >> In this particular case: >> https://archiva-repository.apache.org/archiva/restServices/archivaServices/commonServices/getAllI18nResources >> Any idea? >> >> On 24 April 2017 at 05:01, Martin <[email protected]> wrote: >> >> Hi, >>> >>> I think I now have everything ready and I'd like to release Apache Archiva >>> 2.2.2 >>> >>> Note this vote include some parent poms, and redback core. >>> >>> We fixed these issues: >>> https://issues.apache.org/jira/secure/ReleaseNote.jspa? >>> projectId=12316920&version=12335832 >>> >>> The staging repository is available here: >>> https://archiva-repository.apache.org/archiva/repository/ >>> archiva-releases-stage/ >>> >>> Dist artifacts here: https://dist.apache.org/repos/dist/dev/archiva/ >>> >>> Vote open for 72H >>> [+1] >>> [0] >>> [-1] >>> >>> Greetings >>> -- >>> Martin Stockhammer >> >> >> >> >> > -- > Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. > -- Olivier Lamy http://twitter.com/olamy | http://linkedin.com/in/olamy
