Does anybody uses this filter? On Thu, May 11, 2017 at 10:44 AM, Maxim Solodovnik <solomax...@gmail.com> wrote: > Hello All, > > just have tried to add CsrfPreventionRequestCycleListener to our application > everything seems to work except for Websockets :( > > Now I'm getting > > [INFO] [http-nio-0.0.0.0-5080-exec-9] > org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - > Possible CSRF attack, request URL: > /openmeetings/wicket/websocket?pageId=1&wicket-ajax-baseurl=&wicket-app-name=OpenmeetingsApplication, > Origin: null, action: aborted with error 400 Origin does not > correspond to request > [WARN] [http-nio-0.0.0.0-5080-exec-9] > org.apache.wicket.protocol.ws.api.WebSocketResponse - An HTTP error > response in WebSocket communication would not be processed by the > browser! If you need to send the error code and message to the client > then configure custom WebSocketResponse via > WebSocketSettings#newWebSocketResponse() factory method and override > #sendError() method to write them in an appropriate format for your > application. The ignored error code is '400' and the message: 'Origin > does not correspond to request'. > > in the logs ... > What should I do to set Origin for Websockets? > > -- > WBR > Maxim aka solomax
-- WBR Maxim aka solomax --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org