Hi, $subject can be reproduced with the docker image shared at [1]. But when trying the same with the server in a non-containerized environment this issue does not occur.
When I checked the source of newdatasource.jsp on the browser, in the happy scenario, <input type="hidden" name="X-CSRF-Token" value="SZER-VJCQ-MV08-2K2D-3GWL-H241-DNKK-1O4A"> element was present in the jsp page. But in the error scenario, this element was not present. So, when loading the page, the call to the servlet that injects the token has not been executed properly. To verify this, I debugged the csrfguard source[2] and noticed that, the request does not go thorugh CsrfGuardFilter. Also the status of the request in the browser was " net::ERR_CONTENT_DECODING_FAILED". Any idea why this happens only when the server is run in a container? [1] https://github.com/wso2/product-ei/issues/696 [2] https://github.com/aramrami/OWASP-CSRFGuard Thanks, Manuri -- *Manuri Amaya Perera* *Senior Software Engineer* *WSO2 Inc.* *Blog: http://manuriamayaperera.blogspot.com <http://manuriamayaperera.blogspot.com>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
