Should be fixed by[1]
[1] http://gerrit.ovirt.org/#/c/17567/ ----- Original Message ----- > From: "Vojtech Szocs" <[email protected]> > To: "Hans-Joachim" <[email protected]> > Cc: "Juan Hernandez" <[email protected]>, [email protected] > Sent: Thursday, August 1, 2013 8:55:33 PM > Subject: Re: [Users] 3.3 Nightly Built July 31st: Still problems with gwt.rpc > > Hi, > > the problem here was following: > > - GWT RPC requests include X-GWT-* headers to provide additional meta-data, > i.e. [X-GWT-Module-Base: https://whatever/webadmin/webadmin/] > - when processing GWT RPC request, server (RpcServlet) gets X-GWT-Module-Base > value and compares it with current request's context path > - if comparison fails, for example due to extra leading [/ovirt-engine] path > element, it blocks the request as invalid (potential XSRF attack) > > Vojtech > > > ----- Original Message ----- > > From: "Hans-Joachim" <[email protected]> > > To: "Juan Hernandez" <[email protected]> > > Cc: [email protected] > > Sent: Thursday, August 1, 2013 1:54:55 PM > > Subject: Re: [Users] 3.3 Nightly Built July 31st: Still problems with > > gwt.rpc > > > > Hello, > > > > thank you... solved.... > > > > Hans-Joachim > > > > > > > > > > > > ----- Original Message ----- > > > > From: Juan Hernandez > > > > Sent: 08/01/13 12:58 PM > > > > To: Hans-Joachim > > > > Subject: Re: [Users] 3.3 Nightly Built July 31st: Still problems with > > gwt.rpc > > On 08/01/2013 10:48 AM, Hans-Joachim wrote: > > > Hello, > > > > > > I'm just installing 3.3 Nightly as of July 31st on my CentOS 6.4 server. > > > > > > When I try to login to the Web I got 'Error 500' > > > > > > Here the part of server.log > > > > > > ...... > > > 2013-08-01 10:40:05,098 ERROR > > > [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/webadmin]] > > > (ajp--127.0.0.1-8702-6) Exception while dispatching incoming RPC call: > > > java.lang.SecurityException: Blocked request without GWT base path > > > header (XSRF attack?) > > > at > > > com.google.gwt.rpc.server.RpcServlet.getClientOracle(RpcServlet.java:95) > > > [gwt-servlet.jar:] > > > at > > > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:205) > > > [gwt-servlet.jar:] > > > at > > > com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) > > > [gwt-servlet.jar:] > > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > ....... > > > > > > Hans-Joachim > > > > > > > Actually this isn't a problem with GWT RPC, but with the redirection > > that is performed from / to /ovirt-engine in the web server. You > > probably ended up with the following URL: > > > > https://whatever/ovirt-engine/webadmin/webadmin/WebAdmin.html > > > > This adds an extra "ovirt-engine" path element to the request, that the > > server side doesn't expect, so it assumes that there is a XSFR attach > > going on. Type an URL like this manually in the browser and it should work: > > > > https://whatever/webadmin/webadmin/WebAdmin.html > > > > -- > > Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta > > 3ºD, 28016 Madrid, Spain > > Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. > > > > > > > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
