On 28/07/2016 07:55, Robert Alsdorff wrote: > On 26.07.2016 12:22, Mark Thomas wrote: >> On 26/07/2016 11:18, Robert Alsdorff wrote: >>> Hey folks, >>> >>> during some tests I had several 403 Validation of CSRF security token >>> failed errors. Since it's only a testing system I'd like to disable >>> the CSRF checks but I don't find any information on how to do that. >>> Has anybody already done that and can help me out? >> >> Assuming that the CSRF protection is provided by the standard Tomcat >> filter, remove the mapping for the CSRF filter in the web.xml of the >> application. >> >> Mark > > I searched the standard web.xml, the standard server.xml and the > applications > web.xml for the CSRF filter but non of these have the filter mappings. > A quick search showed that there are no more web.xml files on my system. > Where > else could that filter be enabled or do I have to define the filter in the > web.xml and set some kind of disabled flag?
The only place that filter will be defined is in web.xml. It has to be defined for it to be enabled. It is possible that the CSRF protection is being provided by a component other than Tomcat. If that is the case, you'll need to figure out which and then look in the docs for that component to disable it. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
