[ https://issues.apache.org/jira/browse/WOOKIE-222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13103472#comment-13103472 ]

Scott Wilson commented on WOOKIE-222:
-------------------------------------

More info here for reference:

http://www.tomcatexpert.com/blog/2011/01/26/cross-site-scripting-xss-prevention-tomcat-7

I think it's safer to turn off DWR's XSS mechanism and leave on Tomcat 7's as 
there seems to be an issue with DWR's XSS detection and the two are in conflict.

> "Session Error" dialog for each widget appears in tomcat 7 (using the WAR 
> build)
> --------------------------------------------------------------------------------
>
>                 Key: WOOKIE-222
>                 URL: https://issues.apache.org/jira/browse/WOOKIE-222
>             Project: Wookie
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.9.0
>         Environment: Windows 7 sp1 64 all browsers, tomcat 7.0.16
>            Reporter: Paul Sharples
>            Assignee: Paul Sharples
>             Fix For: 0.9.1
>
>
> Opening a widget in the gallery - causes a "Session Error" browser dialog to 
> be displayed for each widget on the page during loading, repeated after a 
> page refresh (as reported by Ate in WOOKIE-181). Seems there is a problem in 
> the engine.js section of dwr.  Doesn't appear to happen in tomcat 6*.
> Moving this as a top level issue as it was a little hidden.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
