Hey Samuel, The Server Protection Service presents cross-site scripting by checking the referrer header and if the current request originates from an authenticated user.
You can configure it in the config manager in the system console (look for Server Protection Service) [1]. If you're working in a dev environment, it's probably easiest to just disable the service. If you're running in a production environment it's best to set it up properly. You'll want to configure all the hosts where your server will be accessible in the 'Trusted Hosts' field. The values should be of the form "trustedHostHeader = untrustedRedirectURL" where: * trustedHostHeader is the hostname that should be allowed (ex: 84.39.96.84) * untrustedRedirectURL is the URL where you'll serve unsafe content from (think user uploaded html files), ex: http://84.39.96.84:8082 I hope that helps [1 http://84.39.96.84:8080/system/console/configMgr On 19 Apr 2013, at 17:08, Samuel Gutiérrez Jiménez-Peña <samuelgutierrezjime...@gmail.com> wrote: > Bert, thanks by arrangement. > > I would like to know the steps you followed to fix the error, because I did > not understand very well, what you did. > > I hope your answer. > > Regards, Samuel. > > El 19/04/2013, a las 17:57, Bert Pareyn <pareyn.b...@gmail.com> escribió: > >> Samuel, I went ahead and disabled the service in the console under bundles. >> I gave it a quick try and that was indeed the issue. I turned off the server >> protection service under the bundles tab, I hope that helps. >> Feel free to turn it back on again if you want to properly configure your >> instance. >> >> - Bert >> >> On 19 Apr 2013, at 16:55, Nicolaas Matthijs >> <nicolaas.matth...@caret.cam.ac.uk> wrote: >> >>> Hi Samuel, >>> >>> I suspect this is a problem with the Server Protection Service. Have you >>> followed the instructions in the `Configure Server Protection Service` >>> section on >>> https://confluence.sakaiproject.org/display/3AK/OAE+Configuration+and+Deployment? >>> >>> Thanks, >>> Nicolaas >>> >>> >>> On 19 Apr 2013, at 16:52, Samuel Gutiérrez Jiménez-Peña wrote: >>> >>>> Hi Braden, >>>> >>>> I tried creating a new account but does nothing when I click on the button >>>> "CREATE ACCOUNT": >>>> >>>> <Captura de pantalla 2013-04-19 a la(s) 17.42.49.png> >>>> >>>> I leave you, the url where I have hosted Sakai OAE: >>>> >>>> http://84.39.96.84:8080 >>>> >>>> I don't know why it fails so much .. >>>> >>>> Regards, Samuel. >>>> >>>> El 19/04/2013, a las 15:25, Branden Visser <mrvis...@gmail.com> escribió: >>>> >>>>> Hi Samuel, >>>>> >>>>> admin / admin should not have access to the regular user interface, that >>>>> user is in a different realm for the admin console only. Everything in >>>>> the screenshot you sent looks fine to me, the "Fragment" is a different >>>>> kind of bundle. >>>>> >>>>> Try creating an account through the regular user interface and continue >>>>> your testing from there. Let us know if there are more problems. >>>>> >>>>> Thanks, >>>>> Branden >>>> >>>> _______________________________________________ >>>> oae-dev mailing list >>>> oae-dev@collab.sakaiproject.org >>>> http://collab.sakaiproject.org/mailman/listinfo/oae-dev >>> >>> _______________________________________________ >>> oae-dev mailing list >>> oae-dev@collab.sakaiproject.org >>> http://collab.sakaiproject.org/mailman/listinfo/oae-dev >> > > _______________________________________________ > oae-dev mailing list > oae-dev@collab.sakaiproject.org > http://collab.sakaiproject.org/mailman/listinfo/oae-dev _______________________________________________ oae-dev mailing list oae-dev@collab.sakaiproject.org http://collab.sakaiproject.org/mailman/listinfo/oae-dev
