Posted to commits@openmeetings.apache.org by "Darshit Patoliya (JIRA)" <ji...@apache.org> on 2017/09/06 05:25:00 UTC
[jira] [Commented] (OPENMEETINGS-1692) Http status 400 for /om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?0-1.0- on signin page.
[ https://issues.apache.org/jira/browse/OPENMEETINGS-1692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16154824#comment-16154824 ]
Darshit Patoliya commented on OPENMEETINGS-1692:
------------------------------------------------
Openmeeting logs seem fine, but there are the following log entries in red5.log:
{code:java}
2017-09-06 10:41:11,874 [http-nio-0.0.0.0-5080-exec-7] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: null, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:14,817 [http-nio-0.0.0.0-5080-exec-8] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: null, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:15,590 [http-nio-0.0.0.0-5080-exec-9] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: null, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:41,126 [http-nio-0.0.0.0-5080-exec-10] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: null, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:44,714 [http-nio-0.0.0.0-5080-exec-2] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://ocean.paramatrix.com, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:45,327 [http-nio-0.0.0.0-5080-exec-4] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://ocean.paramatrix.com, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:45,519 [http-nio-0.0.0.0-5080-exec-5] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://ocean.paramatrix.com, action: aborted with error 400 Origin does not correspond to request
2017-09-06 10:41:45,707 [http-nio-0.0.0.0-5080-exec-6] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://ocean.paramatrix.com, action: aborted with error 400 Origin does not correspond to request
{code}
> Http status 400 for /om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?0-1.0- on signin page.
> --------------------------------------------------------------------------------------------------------------------
>
> Key: OPENMEETINGS-1692
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1692
> Project: Openmeetings
> Issue Type: Bug
> Affects Versions: 3.3.0
> Environment: Operating System : Ubuntu 16.04.3 LTS
> Browser: Mozilla Firefox 55.0.2 (64-bit)
> Reporter: Darshit Patoliya
> Assignee: Maxim Solodovnik
>
> Hi,
> I am running openmeeting behind nginx and changed the default URL /openmeetings to /om.
> While accessing openmeeting from http://<ip_address>:5080 everything works fine, but when accessing it through https://<server_name>/om/ it redirects to the signin page but a 400 error is raised for the following URLs:
> {code:java}
> https://<xxx.xxx.com>/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?0--forget-form-captcha-captcha
> https://<xxx.xxx.com>/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?0--forget-form-captcha-captcha
> https://<xxx.xxx.com>/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage?1-1.0-&_=1504614984218&
> {code}
> These are found in the browser network tool; because of that I am not able to log in.
> The following is my nginx setup:
> {code:java}
> location /om/ {
>     proxy_pass http://<ip_address>:5080;
>     proxy_redirect off;
> }
> location /om/public/ {
>     alias /opt/apache-openmeetings-3.3.0/webapps/om/public/;
> }
> location /om/css/ {
>     alias /opt/apache-openmeetings-3.3.0/webapps/om/css/;
> }
> location /om/images/ {
>     alias /opt/apache-openmeetings-3.3.0/webapps/om/images/;
> }
> location /om/js/ {
>     alias /opt/apache-openmeetings-3.3.0/webapps/om/js/;
> }
> {code}
> I am not sure whether it is an issue with the nginx proxy configuration or the openmeeting configuration.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
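
As an added example (not part of the JIRA message, and not OpenMeetings or Wicket code), the Python below parses the `CsrfPreventionRequestCycleListener` lines quoted in the comment and reports which parts of the browser's Origin differ from the request URL the backend logged. `OWN_ORIGINS` and the verdict names are assumptions made for the example, and the scheme/host/port comparison is a simplification rather than Wicket's exact check.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Two entries copied from the red5.log excerpt on this page.
SAMPLE_LOG = (
    "2017-09-06 10:41:11,874 [http-nio-0.0.0.0-5080-exec-7] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: null, action: aborted with error 400 Origin does not correspond to request\n"
    "2017-09-06 10:41:44,714 [http-nio-0.0.0.0-5080-exec-2] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://10.1.1.204:5080/om/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://ocean.paramatrix.com, action: aborted with error 400 Origin does not correspond to request\n"
)
# Assumption for the example: the operator lists the site's own public origin(s).
OWN_ORIGINS = {"https://ocean.paramatrix.com"}

LINE_RE = re.compile(
    r"CsrfPreventionRequestCycleListener - Possible CSRF attack, "
    r"request URL: (?P<url>\S+), Origin: (?P<origin>\S+), action: (?P<action>.+)$"
)
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(value):
    """Return (scheme, host, port) of a URL or Origin value, or None if it has none."""
    parts = urlsplit(value)
    if not parts.scheme or not parts.hostname:
        return None  # e.g. the literal "null" seen in the log
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))


def diagnose(line, own_origins=OWN_ORIGINS):
    """Classify one log line and name the origin components that differ."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # not a CSRF listener entry
    backend, browser = origin_of(m["url"]), origin_of(m["origin"])
    if backend is None:
        return None  # request URL in the entry is not an absolute URL
    if browser is None:
        return ("no-origin", [])
    differs = [n for n, a, b in zip(("scheme", "host", "port"), backend, browser) if a != b]
    own = {origin_of(o) for o in own_origins}
    return ("own-origin-via-proxy" if browser in own else "foreign-origin", differs)


def summarize(log_text, own_origins=OWN_ORIGINS):
    """Count verdicts over a whole log; lines that do not match are ignored."""
    results = (diagnose(line, own_origins) for line in log_text.splitlines())
    return Counter(r[0] for r in results if r)


if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(diagnose(entry))
    print(summarize(SAMPLE_LOG))
```

A run of `own-origin-via-proxy` verdicts in which the logged request URL is the `proxy_pass` address points at the proxy hop rather than at a cross-site request; `foreign-origin` entries are the ones to investigate as possible CSRF.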