Example project demonstrating it is here: https://github.com/solomax/ajax-download
html with WebSocket.send: https://github.com/solomax/ajax-download/commit/84af661b1e5e110419f17dbf9295547c135a0cc5#diff-217ea4d3217197ce4ece382e050a7302R26

On Mon, May 15, 2017 at 3:14 PM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> Thanks a lot for checking Martin,
>
> The issue seems to be caused by the following code in *.html (reproducible
> using quickstart)
>
> <script type="text/javascript">
> $(function() {
>   Wicket.Event.subscribe(Wicket.Event.Topic.WebSocket.Opened, function() {
>     Wicket.WebSocket.send("socketConnected");
>   });
> });
> </script>
>
> I guess I need to manually set missing headers in such call
>
> Can you please help to set necessary headers?
>
> On Mon, May 15, 2017 at 1:50 PM, Martin Grigorov <mgrigo...@apache.org> wrote:
>> Hi Maxim,
>>
>> Just adding getRequestCycleListeners().add(new
>> CsrfPreventionRequestCycleListener());
>> to org.apache.wicket.examples.websocket.JSR356Application#init() doesn't
>> lead to any error.
>>
>> Martin Grigorov
>> Wicket Training and Consulting
>> https://twitter.com/mtgrigorov
>>
>> On Mon, May 15, 2017 at 7:54 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
>>
>>> Hello Martin,
>>>
>>> were you able to take a look at it?
>>> I was hoping to have M6 with working Csrf+WebSockets ....
>>>
>>> On Fri, May 12, 2017 at 4:45 PM, Maxim Solodovnik <solomax...@gmail.com> wrote:
>>> > Thanks a million, Martin :)
>>> >
>>> > On Fri, May 12, 2017 at 4:34 PM, Martin Grigorov <mgrigo...@apache.org> wrote:
>>> >> Hi Maxim,
>>> >>
>>> >> I don't use this combination.
>>> >> But I will try to test it soon and see what can be done.
>>> >>
>>> >> Martin Grigorov
>>> >> Wicket Training and Consulting
>>> >> https://twitter.com/mtgrigorov
>>> >>
>>> >> On Fri, May 12, 2017 at 11:00 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
>>> >>
>>> >>> Does anybody use this filter?
>>> >>>
>>> >>> On Thu, May 11, 2017 at 10:44 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
>>> >>> > Hello All,
>>> >>> >
>>> >>> > just have tried to add CsrfPreventionRequestCycleListener to our application
>>> >>> > everything seems to work except for Websockets :(
>>> >>> >
>>> >>> > Now I'm getting
>>> >>> >
>>> >>> > [INFO] [http-nio-0.0.0.0-5080-exec-9]
>>> >>> > org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
>>> >>> > Possible CSRF attack, request URL:
>>> >>> > /openmeetings/wicket/websocket?pageId=1&wicket-ajax-baseurl=&wicket-app-name=OpenmeetingsApplication,
>>> >>> > Origin: null, action: aborted with error 400 Origin does not
>>> >>> > correspond to request
>>> >>> > [WARN] [http-nio-0.0.0.0-5080-exec-9]
>>> >>> > org.apache.wicket.protocol.ws.api.WebSocketResponse - An HTTP error
>>> >>> > response in WebSocket communication would not be processed by the
>>> >>> > browser! If you need to send the error code and message to the client
>>> >>> > then configure custom WebSocketResponse via
>>> >>> > WebSocketSettings#newWebSocketResponse() factory method and override
>>> >>> > #sendError() method to write them in an appropriate format for your
>>> >>> > application. The ignored error code is '400' and the message: 'Origin
>>> >>> > does not correspond to request'.
>>> >>> >
>>> >>> > in the logs ...
>>> >>> > What should I do to set Origin for Websockets?
>>> >>> >
>>> >>> > --
>>> >>> > WBR
>>> >>> > Maxim aka solomax
>>> >>>
>>> >>> --
>>> >>> WBR
>>> >>> Maxim aka solomax
>>> >>>
>>> >>> ---------------------------------------------------------------------
>>> >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>> >>> For additional commands, e-mail: users-h...@wicket.apache.org
>>> >
>>> > --
>>> > WBR
>>> > Maxim aka solomax
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>
> --
> WBR
> Maxim aka solomax

--
WBR
Maxim aka solomax