On 26.07.2016 12:22, Mark Thomas wrote:
On 26/07/2016 11:18, Robert Alsdorff wrote:
Hey folks,
during some tests I had several 403 Validation of CSRF security token
failed errors. Since it's only a testing system I'd like to disable
the CSRF checks but I don't find any information on how to do that.
Has anybody already done that and can help me out?
Assuming that the CSRF protection is provided by the standard Tomcat
filter, remove the mapping for the CSRF filter in the web.xml of the
application.
Mark
I searched the standard web.xml, the standard server.xml and the
applications
web.xml for the CSRF filter but non of these have the filter mappings.
A quick search showed that there are no more web.xml files on my system.
Where
else could that filter be enabled or do I have to define the filter in
the
web.xml and set some kind of disabled flag?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
