Posted to dev@hc.apache.org by "aparna khare (JIRA)" <ji...@apache.org> on 2016/05/10 09:36:12 UTC
[jira] [Commented] (HTTPCLIENT-1741) X-CSRF-Valication issues
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15277860#comment-15277860 ]
aparna khare commented on HTTPCLIENT-1741:
------------------------------------------
I'm using HttpClient version 4.1.3. Due to some issues I moved from Apache CXF to HttpClient. The CSRF was working earlier; now when I get the values in the Set-Cookie header and pass the same value, it gives an error.
MYSSO=AjQxMDMBABhBAEQASwBPAEwASQAgACAAIAAgACAAIAACAAYxADAAMAADABBHADMAVAAgACAAIAAgACAABAAYMgAwADEANgAwADUAMQAwADAAOQAwADAABQAEAAAACAYAAlgACQACRQD%2fATUwggExBgkqhkiG9w0BBwKgggEiMIIBHgIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYH%21MIH7AgEBMFAwRTELMAkGA1UEBhMCREUxDzANBgNVBAoTBlNBUC1BRzEMMAoGA1UECxMDRzNUMRcwFQYDVQQDDA4qLndkZi5zYXAuY29ycAIHIBQCAxAZATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYwNTEwMDkwMDU2WjAjBgkqhkiG9w0BCQQxFgQU2yWC3FqsVVbkd5fm88bTOkZXxBUwCQYHKoZIzjgEAwQvMC0CFQCKYZUVg7cqKbBN0%21Ipsje44PTspwIUMqTZenFqhPaJ%2fz3I913GajeUHuY%3d; path=/; domain=.xx.xx.xx,xx_SESSIONID_GT_100=GTCo7WBG8iV66CkETV5DYLOh2fcWjRHmhvoAUFa0PPA%3d; path=/,xx-XSRF_GT_100=aaaaaaa%3d%3d20160510090056gv1TL5k8mO9aKRMYbcGK3tt-ylbmZVAJwt3SyvT203c%3d; path=/; HttpOnly,
MYSSO=AjQxMDMBABhBAEQASwBPAEwASQAgACAAIAAgACAAIAACAAYxADAAMAADABBHADMAVAAgACAAIAAgACAABAAYMgAwADEANgAwADUAMQAwADAAOQAwADAABQAEAAAACAYAAlgACQACRQD%2fATUwggExBgkqhkiG9w0BBwKgggEiMIIBHgIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYH%21MIH7AgEBMFAwRTELMAkGA1UEBhMCREUxDzANBgNVBAoTBlNBUC1BRzEMMAoGA1UECxMDRzNUMRcwFQYDVQQDDA4qLndkZi5zYXAuY29ycAIHIBQCAxAZATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYwNTEwMDkwMDU2WjAjBgkqhkiG9w0BCQQxFgQU2yWC3FqsVVbkd5fm88bTOkZXxBUwCQYHKoZIzjgEAwQvMC0CFQCKYZUVg7cqKbBN0%21Ipsje44PTspwIUMqTZenFqhPaJ%2fz3I913GajeUHuY%3d; path=/; domain=.xx.xx.xx, xx_SESSIONID_GT_100=GTCo7WBG8iV66CkETV5DYLOh2fcWjRHmhvoAUFa0PPA%3d; path=/, xx-XSRF_G3T_100=aaaaaaa%3d%3d20160510090056gv1TL5k8mO9aKRMYbcGK3tt-ylbmZVAJwt3SyvT203c%3d; path=/; HttpOnly
Even though I set the same cookie in the request header, it does not work.
I also tried creating a CookieStore; even that does not work.
private CookieStore getCookieStore() {
    HttpServletRequest req = getHttpServletRequest();
    // The key must be identical for every read and write of the session attribute.
    Object cs = req.getSession().getAttribute("mmmmm");
    if (cs == null) {
        cs = new BasicCookieStore();
        req.getSession().setAttribute("mmmmm", cs);
    }
    return (CookieStore) cs;
}

private HttpServletRequest getHttpServletRequest() {
    return (HttpServletRequest) getContext()
            .getParameter(context.HTTP_SERVLET_REQUEST_OBJECT);
}

private void putCookieStore(CookieStore cs) {
    getHttpServletRequest().getSession().setAttribute("mmmmm", cs);
}
Initialization of the HTTP client:

    DefaultHttpClient rsClient = new DefaultHttpClient();
    setTrustAll(rsClient);
    rsClient.setCookieStore(cs);

Can someone please help?
> X-CSRF-Valication issues
> ------------------------
>
> Key: HTTPCLIENT-1741
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1741
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient, HttpConn
> Affects Versions: Snapshot
> Reporter: aparna khare
> Priority: Critical
> Fix For: Snapshot
>
>
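An added example, not part of the original post or of HttpClient: a Set-Cookie response value like the one quoted above carries attributes (path, domain, HttpOnly) and, here, several cookies folded together with commas, whereas a Cookie request header holds only name=value pairs joined by "; ". The class name, method names and the short sample values are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class SetCookieToCookie {

    // Split a comma-folded Set-Cookie string into single cookies. A comma only
    // starts a new cookie when "name=" follows it, so the comma inside an
    // Expires date ("Wed, 09 Jun ...") is left alone.
    static List<String> splitFolded(String folded) {
        List<String> out = new ArrayList<>();
        for (String part : folded.split(",(?=\\s*[^;,=\\s]+=)")) {
            String p = part.trim().replaceAll(",+$", "");
            if (!p.isEmpty()) out.add(p);
        }
        return out;
    }

    // Build the Cookie request header: name=value pairs only, joined by "; ".
    // Attributes (path, domain, HttpOnly, ...) are instructions to the client
    // and are never sent back to the server.
    static String toCookieHeader(String foldedSetCookie) {
        Map<String, String> jar = new LinkedHashMap<>();
        for (String cookie : splitFolded(foldedSetCookie)) {
            String pair = cookie.split(";", 2)[0].trim();
            int eq = pair.indexOf('=');
            if (eq > 0) jar.put(pair.substring(0, eq), pair.substring(eq + 1));
        }
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : jar.entrySet()) {
            if (sb.length() > 0) sb.append("; ");
            sb.append(e.getKey()).append('=').append(e.getValue());
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample in the shape of the header quoted above.
        String folded = "MYSSO=abc%3d; path=/; domain=.example.test,"
                + "xx_SESSIONID=def%3d; path=/,"
                + "xx-XSRF=tok%3d%3d; path=/; HttpOnly,";
        System.out.println("Cookie: " + toCookieHeader(folded));
    }
}
```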