Posts by man*_*tis

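GWT: XSRF: X-GWT-Permutation header occasionally missing

My application is receiving occasional XSRF attack errors from GWT when RemoteServiceServlet.checkPermutationStrongName() cannot find the X-GWT-Permutation HTTP header in the HttpServletRequest. When the error occurs, the following lines appear in the log file: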

WARNING: doUnexpectedFailure was invoked.
java.lang.SecurityException: Blocked request without GWT permutation header (XSRF attack?)

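I have experienced this problem with both Firefox 3.x and 4.0, in both hosted mode and web mode.

I ran Live Headers and the HTTP header is indeed missing.

The application is vanilla GWT RPC.

Any ideas?

Failing headers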

http://127.0.0.1:8888/org.drools.guvnor.Guvnor/guvnorService

POST /org.drools.guvnor.Guvnor/guvnorService HTTP/1.1
Host: 127.0.0.1:8888
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.10 (maverick) Firefox/3.6.15
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 154
Content-Type: text/x-gwt-rpc; charset=utf-8
Referer: http://127.0.0.1:8888/org.drools.guvnor.Guvnor/Guvnor.html?gwt.codesv...
Cookie: standalone_usage=true
Pragma: no-cache
Cache-Control: no-cache


7|0|4|http://127.0.0.1:8888/org.drools.guvnor.Guvnor/|
6808FDC8A4FA3491026441B59E4DB72A|
org.drools.guvnor.client.rpc.RepositoryService|subscribe|1|2|3|4|0|

HTTP/1.1 400 Bad Request …

firefox gwt securityexception gwt-rpc

4 votes, 1 answer, 3870 views
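
An added example, not part of the original post and not GWT code: a Python triage over captured requests like the one above, reporting which GWT-RPC calls arrive without an X-GWT-Permutation header and which service method they targeted. The payload layout it assumes (flags 0, four leading string-table indexes) and the placeholder header value are assumptions.

```python
def parse_request(raw):
    """Split a raw HTTP/1.x request into (headers, body); header names lower-cased."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body.replace("\n", "")     # capture tools may wrap the payload

def rpc_target(body):
    """Return (service, method) from version|flags|n|<n strings>|data...
    Assumes flags 0 (no RpcToken): data[2] and data[3] are 1-based
    string-table indexes of the service interface and the method name."""
    fields = body.split("|")
    try:
        count = int(fields[2])
        table, data = fields[3:3 + count], fields[3 + count:]
        return table[int(data[2]) - 1], table[int(data[3]) - 1]
    except (IndexError, ValueError):
        return None, None

def triage(raw):
    """Report whether a GWT-RPC request lacks the header the permutation check looks for."""
    headers, body = parse_request(raw)
    if not headers.get("content-type", "").lower().startswith("text/x-gwt-rpc"):
        return {"gwt_rpc": False}
    service, method = rpc_target(body)
    return {"gwt_rpc": True, "service": service, "method": method,
            "missing_permutation": "x-gwt-permutation" not in headers,
            "user_agent": headers.get("user-agent")}

# Shortened from the failing capture on this page.
FAILING = """POST /org.drools.guvnor.Guvnor/guvnorService HTTP/1.1
Host: 127.0.0.1:8888
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.10 (maverick) Firefox/3.6.15
Content-Type: text/x-gwt-rpc; charset=utf-8

7|0|4|http://127.0.0.1:8888/org.drools.guvnor.Guvnor/|
6808FDC8A4FA3491026441B59E4DB72A|
org.drools.guvnor.client.rpc.RepositoryService|subscribe|1|2|3|4|0|
"""
# Constructed: the same request with a placeholder permutation value added.
PASSING = FAILING.replace("Content-Type:", "X-GWT-Permutation: CONSTRUCTED_STRONG_NAME\nContent-Type:")

if __name__ == "__main__":
    print(triage(FAILING), triage(PASSING), sep="\n")
```

Grouping the flagged requests by `user_agent`, `service` and `method` shows whether the missing header is tied to one browser build or one RPC call.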
