Posted to commits@openmeetings.apache.org by "Darshit Patoliya (JIRA)" <ji...@apache.org> on 2017/09/06 05:25:00 UTC

[jira] [Commented] (OPENMEETINGS-1692) Http status 400 for /om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?0-1.0- on signin page.

    [ https://issues.apache.org/jira/browse/OPENMEETINGS-1692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16154824#comment-16154824 ] 

Darshit Patoliya commented on OPENMEETINGS-1692:
------------------------------------------------

OpenMeetings logs seem fine, but there are the following log entries in red5.log:

{code:java}

2017-09-06 10:41:11,874 [http-nio-0.0.0.0-5080-exec-7] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: null, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:14,817 [http-nio-0.0.0.0-5080-exec-8] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: null, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:15,590 [http-nio-0.0.0.0-5080-exec-9] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: null, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:41,126 [http-nio-0.0.0.0-5080-exec-10] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: null, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:44,714 [http-nio-0.0.0.0-5080-exec-2] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://ocean.paramatrix.com, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:45,327 [http-nio-0.0.0.0-5080-exec-4] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://ocean.paramatrix.com, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:45,519 [http-nio-0.0.0.0-5080-exec-5] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://ocean.paramatrix.com, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:45,707 [http-nio-0.0.0.0-5080-exec-6] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://ocean.paramatrix.com, action: aborted with error 400 Origin does not correspond to request
{code}



> Http status 400 for /om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?0-1.0- on signin page.
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: OPENMEETINGS-1692
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1692
>             Project: Openmeetings
>          Issue Type: Bug
>    Affects Versions: 3.3.0
>         Environment: Operating System : Ubuntu 16.04.3 LTS
> Browser: Mozilla Firefox 55.0.2 (64-bit)
>            Reporter: Darshit Patoliya
>            Assignee: Maxim Solodovnik
>
> Hi,
> I am running OpenMeetings behind nginx and changed the default URL /openmeetings to /om.
> While accessing OpenMeetings from http://<ip_address>:5080 everything works fine, but when accessing it through https://<server_name>/om/ it redirects to the sign-in page, but 400 errors for the following URLs
> {code:java}
> https://<xxx.xxx.com>/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?0--forget-form-captcha-captcha
> https://<xxx.xxx.com>/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?0--forget-form-captcha-captcha
> https://<xxx.xxx.com>/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?1-1.0-&_=1504614984218&
> {code}
> are found in the browser network tool; because of that I am not able to log in.
> The following is my nginx setup:
> {code:java}
> location /om/ {
>     proxy_pass http://<ip_address>:5080;
>     proxy_redirect off;
> }
> location /om/public/ {
>     alias /opt/apache-openmeetings-3.3.0/webapps/om/public/;
> }
> location /om/css/ {
>     alias /opt/apache-openmeetings-3.3.0/webapps/om/css/;
> }
> location /om/images/ {
>     alias /opt/apache-openmeetings-3.3.0/webapps/om/images/;
> }
> location /om/js/ {
>     alias /opt/apache-openmeetings-3.3.0/webapps/om/js/;
> }
> {code}
> I am not sure whether it is an issue with the nginx proxy configuration or the OpenMeetings configuration.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)