Victor,

On 6/23/20 13:08, Victor Norman wrote:
> We are trying to upgrade a server that uses Guacamole / Tomcat7 on
> Ubuntu 16.04 to Ubuntu 18.04 or 20.04 with Tomcat 8 or 9.
>
> You can try out the server yourself, by going to
> http://agora.cs.calvin.edu:8080/.
>
> Each time we get close to having it work, we see this error show up
> in the console of the browser:
>
> POST http://agora.cs.calvin.edu:8080/agora/api/tokens 403

403 is obviously "forbidden". That can happen for a lot of reasons, most of them likely in your application.

> Drilling down on that in Chrome, I find:
>
>
> * Request URL: http://agora.cs.calvin.edu:8080/agora/api/tokens
> * Request Method: POST
> * Status Code: 403
> * Remote Address: 153.106.116.108:8080
> * Referrer Policy: no-referrer-when-downgrade
> 1. Response Headers
> * Content-Type: application/json
> * Date: Tue, 23 Jun 2020 16:42:56 GMT
> * Transfer-Encoding: chunked
> 2. Request Headers
> * Accept: application/json, text/plain, */*
> * Accept-Encoding: gzip, deflate
> * Accept-Language: en-US,en;q=0.9
> * Cache-Control: no-cache
> * Connection: keep-alive
> * Content-Length: 0
> * Content-Type: application/x-www-form-urlencoded
> * Cookie: JSESSIONID=F61EBB3764D21F4A6161304BB9D820EF; JSESSIONID=BA81E2D37D390F411711FAB57F5B8DBF
> * DNT: 1
> * Host: agora.cs.calvin.edu:8080
> * Origin: http://agora.cs.calvin.edu:8080

Since you have an "Origin" header, is this a REST call? Are you using CORS? Has it been configured correctly?

> * Pragma: no-cache
> * Referer: http://agora.cs.calvin.edu:8080/agora/
> * User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
>
> What is this request to POST to ../api/tokens?

This must be something Guacamole-related, or in your own application. Tomcat won't do this.

> Is this some new security added in tomcat8 or 9 that we need to
> account for? Or is it a file permissions issue somehow?
>
> I'd really appreciate any insight anyone has.

It's tough to say why you are getting this response. You will probably have to dig into your application's logs to see what is happening. If you have CORS enabled, it's very easy to get that configuration wrong and lock clients out.

-chris