Thanks a lot for checking, Martin,

The issue seems to be caused by the following code in *.html (reproducible
using quickstart):

<script type="text/javascript">
$(function() {
  Wicket.Event.subscribe(Wicket.Event.Topic.WebSocket.Opened, function() {
    Wicket.WebSocket.send("socketConnected");
  });
});
</script>

I guess I need to manually set the missing headers in such a call.

Can you please help me set the necessary headers?

On Mon, May 15, 2017 at 1:50 PM, Martin Grigorov <mgrigo...@apache.org> wrote:
> Hi Maxim,
>
> Just adding getRequestCycleListeners().add(new
> CsrfPreventionRequestCycleListener());
> to org.apache.wicket.examples.websocket.JSR356Application#init() doesn't
> lead to any error.
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Mon, May 15, 2017 at 7:54 AM, Maxim Solodovnik <solomax...@gmail.com>
> wrote:
>
>> Hello Martin,
>>
>> Were you able to take a look at it?
>> I was hoping to have M6 with working Csrf+WebSockets ....
>>
>> On Fri, May 12, 2017 at 4:45 PM, Maxim Solodovnik <solomax...@gmail.com>
>> wrote:
>> > Thanks a million, Martin :)
>> >
>> > On Fri, May 12, 2017 at 4:34 PM, Martin Grigorov <mgrigo...@apache.org>
>> wrote:
>> >> Hi Maxim,
>> >>
>> >> I don't use this combination.
>> >> But I will try to test it soon and see what can be done.
>> >>
>> >> Martin Grigorov
>> >> Wicket Training and Consulting
>> >> https://twitter.com/mtgrigorov
>> >>
>> >> On Fri, May 12, 2017 at 11:00 AM, Maxim Solodovnik <
>> solomax...@gmail.com>
>> >> wrote:
>> >>
>> >>> Does anybody use this filter?
>> >>>
>> >>> On Thu, May 11, 2017 at 10:44 AM, Maxim Solodovnik <
>> solomax...@gmail.com>
>> >>> wrote:
>> >>> > Hello All,
>> >>> >
>> >>> > I have just tried to add CsrfPreventionRequestCycleListener to our
>> >>> > application; everything seems to work except for Websockets :(
>> >>> >
>> >>> > Now I'm getting
>> >>> >
>> >>> > [INFO] [http-nio-0.0.0.0-5080-exec-9]
>> >>> > org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
>> >>> > Possible CSRF attack, request URL:
>> >>> > /openmeetings/wicket/websocket?pageId=1&wicket-ajax-baseurl=&wicket-app-name=OpenmeetingsApplication,
>> >>> > Origin: null, action: aborted with error 400 Origin does not
>> >>> > correspond to request
>> >>> > [WARN] [http-nio-0.0.0.0-5080-exec-9]
>> >>> > org.apache.wicket.protocol.ws.api.WebSocketResponse - An HTTP error
>> >>> > response in WebSocket communication would not be processed by the
>> >>> > browser! If you need to send the error code and message to the client
>> >>> > then configure custom WebSocketResponse via
>> >>> > WebSocketSettings#newWebSocketResponse() factory method and override
>> >>> > #sendError() method to write them in an appropriate format for your
>> >>> > application. The ignored error code is '400' and the message: 'Origin
>> >>> > does not correspond to request'.
>> >>> >
>> >>> > in the logs ...
>> >>> > What should I do to set Origin for Websockets?
>> >>> >
>> >>> > --
>> >>> > WBR
>> >>> > Maxim aka solomax
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> WBR
>> >>> Maxim aka solomax
>> >>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> >>> For additional commands, e-mail: users-h...@wicket.apache.org
>> >>>
>> >>>
>> >
>> >
>> >
>> > --
>> > WBR
>> > Maxim aka solomax
>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>>
>>



-- 
WBR
Maxim aka solomax
