Jarek Gawor created GERONIMO-6348:
-------------------------------------
Summary: XSSXSRFFilter blocked HttpServletRequest due to invalid
FORM content.c
Key: GERONIMO-6348
URL: https://issues.apache.org/jira/browse/GERONIMO-6348
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: console
Affects Versions: 3.0-beta-1
Environment: Windows, IE8 with compatibility mode on or Eclipse
internal web browser.
Reporter: Jarek Gawor
When using the admin console on Windows with IE8 with compatibility mode on the
following messages are generated on each click:
2012-05-10 01:57:10,307 WARN [XSRFHandler] Blocked due to missing
HttpServletRequest parameter.
2012-05-10 01:57:10,307 ERROR [XSSXSRFFilter] XSSXSRFFilter blocked
HttpServletRequest due to invalid FORM content.
These messages are generated each time a request is made to access
/console/dojo/dojo/resources/blank.html. It looks like Dojo has a special case
for IE which generates this extra request not seen on other browsers.
The problem is also visible using the Eclipse's internal web browser which
automatically gets configured with IE compatibility mode.
These errors look harmless but can be very confusing and annoying to users so I
think we need to find some way to avoid them.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
