Hi all, I have a slightly tricky problem with my GWT application when calling my webapp in a specific way...

    17.12.2012 15:03:55 org.apache.catalina.core.ApplicationContext log
    SCHWERWIEGEND: Exception while dispatching incoming RPC call
    java.lang.SecurityException: Blocked request without GWT permutation header (XSRF attack?)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.checkPermutationStrongName(RemoteServiceServlet.java:272)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:203)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
        at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Thread.java:662)

I'm accessing my webapp in two different ways (it's always the same browser and the same server (Apache Tomcat 6, GWT 2.4)...):

1. In a direct connection (client-server). This works correctly and an example packet looks like this:

    POST /FooAppGUI/FooApp/FooApp HTTP/1.1
    Host: 11.58.123.2:8086
    Connection: keep-alive
    Content-Length: 203
    Origin: http://11.58.123.2:8086
    X-GWT-Module-Base: http://11.58.123.2:8086/FooAppGUI/FooApp/
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11
    Content-Type: text/x-gwt-rpc; charset=UTF-8
    X-GWT-Permutation: 90CA5B4327EF5ACF07FAFFAA13438149
    Accept: */*
    Referer: http://11.58.123.2:8086/FooAppGUI/
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

    7|0|4|http://11.58.123.2:8086/FooAppGUI/FooApp/|244FABC818D0AD413563111AC39A732A|com.foo.bar.FooApp.GUI.presentation.rpc.FooAppRemoteService|getClientProperties|1|2|3|4|0|

2. In an indirect connection using an SSL gateway (client-gateway-server). In this case, the server is rejecting the call with the mentioned error. The same call as above looks like this:

    POST /FooAppGUI/FooApp/FooApp HTTP/1.0
    Host: 11.58.123.2:8086
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
    Content-Type: text/x-gwt-rpc; charset=utf-8
    Referer: http://11.58.123.2:8086/FooAppGUI/
    Content-Length: 203
    Pragma: no-cache

    7|0|4|http://11.58.123.2:8086/FooAppGUI/FooApp/|244FABC818D0AD413563111AC39A732A|com.foo.bar.FooApp.GUI.presentation.rpc.FooAppRemoteService|getClientProperties|1|2|3|4|0|

There are heavy differences in the headers, but what is the reason for this? Should GWT work over HTTP 1.0 or does it need HTTP 1.1? What else could have gone wrong? Does anyone have an idea?

Thanks in advance,
Nick
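Added example, not part of the original post: a small Python check that diffs the two captures quoted in the post (abbreviated here) and reports which headers are present on the direct path but absent behind the gateway, flagging the X-GWT-* headers that the `checkPermutationStrongName` frame in the stack trace refers to. The function names `parse_request` and `compare` are hypothetical.

```python
# Captures abbreviated from the two requests in the post (direct vs. via gateway).
PAYLOAD = ("7|0|4|http://11.58.123.2:8086/FooAppGUI/FooApp/|244FABC818D0AD413563111AC39A732A|"
           "com.foo.bar.FooApp.GUI.presentation.rpc.FooAppRemoteService|getClientProperties|1|2|3|4|0|")
DIRECT = (
    "POST /FooAppGUI/FooApp/FooApp HTTP/1.1\r\n"
    "Host: 11.58.123.2:8086\r\n"
    "X-GWT-Module-Base: http://11.58.123.2:8086/FooAppGUI/FooApp/\r\n"
    "Content-Type: text/x-gwt-rpc; charset=UTF-8\r\n"
    "X-GWT-Permutation: 90CA5B4327EF5ACF07FAFFAA13438149\r\n"
    "Accept-Encoding: gzip,deflate,sdch\r\n"
    "\r\n" + PAYLOAD)
VIA_GATEWAY = (
    "POST /FooAppGUI/FooApp/FooApp HTTP/1.0\r\n"
    "Host: 11.58.123.2:8086\r\n"
    "Content-Type: text/x-gwt-rpc; charset=utf-8\r\n"
    "Pragma: no-cache\r\n"
    "\r\n" + PAYLOAD)

# Headers the GWT client adds to RPC POSTs in the working capture; the stack
# trace in the post shows the servlet rejecting a call without the first one.
GWT_RPC_HEADERS = ("x-gwt-permutation", "x-gwt-module-base")

def parse_request(raw):
    """Split a raw request into (HTTP version, lower-cased headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines that have no colon
            headers[name.strip().lower()] = value.strip()
    return request_line.rsplit(" ", 1)[-1], headers, body

def compare(direct_raw, proxied_raw):
    """Report what differs between the direct and the proxied request."""
    v_direct, h_direct, b_direct = parse_request(direct_raw)
    v_proxy, h_proxy, b_proxy = parse_request(proxied_raw)
    dropped = sorted(set(h_direct) - set(h_proxy))
    return {
        "versions": (v_direct, v_proxy),
        "dropped": dropped,
        "missing_gwt": [h for h in GWT_RPC_HEADERS if h in dropped],
        "payload_intact": b_direct == b_proxy,
    }

if __name__ == "__main__":
    for key, value in compare(DIRECT, VIA_GATEWAY).items():
        print(f"{key}: {value}")
```

Run against full captures taken on both sides of an intermediary, a non-empty `missing_gwt` list with `payload_intact` true indicates that headers were removed in transit while the RPC body arrived unchanged.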
