You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Jan Riehn (JIRA)" <ji...@apache.org> on 2012/10/25 18:15:12 UTC
[jira] [Created] (WICKET-4841) Frequent faked AJAX requests prevent
monitoring
Jan Riehn created WICKET-4841:
---------------------------------
Summary: Frequent faked AJAX requests prevent monitoring
Key: WICKET-4841
URL: https://issues.apache.org/jira/browse/WICKET-4841
Project: Wicket
Issue Type: Bug
Components: wicket
Affects Versions: 1.5.8
Reporter: Jan Riehn
Hello,
currently we've got a problem with faked ajax requests. these ajax
requests misses some parameters, but the wicket-ajax header flag is set.
So ServletWebRequest throws an exception:
java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)
These faked requests are so massive, that our application is no longer
monitorable. Our workaround rejects these requests via apache config.
Instead of logging an exception, in deployment mode wicket should log a warning a reject the request
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (WICKET-4841) Return error code 400 when an Ajax
request has no base url set in header/request parameters.
Posted by "Martin Grigorov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov updated WICKET-4841:
------------------------------------
Summary: Return error code 400 when an Ajax request has no base url set in header/request parameters. (was: Frequently faked AJAX requests prevent monitoring)
> Return error code 400 when an Ajax request has no base url set in header/request parameters.
> --------------------------------------------------------------------------------------------
>
> Key: WICKET-4841
> URL: https://issues.apache.org/jira/browse/WICKET-4841
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.8
> Reporter: Jan Riehn
>
> Hello,
> currently we've got a problem with faked ajax requests. these ajax
> requests misses some parameters, but the wicket-ajax header flag is set.
> So ServletWebRequest throws an exception:
> java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
> at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
> at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
> at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)
> These faked requests are so massive, that our application is no longer
> monitorable. Our workaround rejects these requests via apache config.
> Instead of logging an exception, in deployment mode wicket should log a warning and reject the request
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (WICKET-4841) Frequent faked AJAX requests prevent
monitoring
Posted by "Jan Riehn (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Riehn updated WICKET-4841:
------------------------------
Description:
Hello,
currently we've got a problem with faked ajax requests. these ajax
requests misses some parameters, but the wicket-ajax header flag is set.
So ServletWebRequest throws an exception:
java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)
These faked requests are so massive, that our application is no longer
monitorable. Our workaround rejects these requests via apache config.
Instead of logging an exception, in deployment mode wicket should log a warning and reject the request
was:
Hello,
currently we've got a problem with faked ajax requests. these ajax
requests misses some parameters, but the wicket-ajax header flag is set.
So ServletWebRequest throws an exception:
java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)
These faked requests are so massive, that our application is no longer
monitorable. Our workaround rejects these requests via apache config.
Instead of logging an exception, in deployment mode wicket should log a warning a reject the request
> Frequent faked AJAX requests prevent monitoring
> -----------------------------------------------
>
> Key: WICKET-4841
> URL: https://issues.apache.org/jira/browse/WICKET-4841
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.8
> Reporter: Jan Riehn
>
> Hello,
> currently we've got a problem with faked ajax requests. these ajax
> requests misses some parameters, but the wicket-ajax header flag is set.
> So ServletWebRequest throws an exception:
> java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
> at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
> at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
> at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)
> These faked requests are so massive, that our application is no longer
> monitorable. Our workaround rejects these requests via apache config.
> Instead of logging an exception, in deployment mode wicket should log a warning and reject the request
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (WICKET-4841) Frequently faked AJAX requests
prevent monitoring
Posted by "Jan Riehn (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Riehn updated WICKET-4841:
------------------------------
Summary: Frequently faked AJAX requests prevent monitoring (was: Frequent faked AJAX requests prevent monitoring)
> Frequently faked AJAX requests prevent monitoring
> -------------------------------------------------
>
> Key: WICKET-4841
> URL: https://issues.apache.org/jira/browse/WICKET-4841
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.8
> Reporter: Jan Riehn
>
> Hello,
> currently we've got a problem with faked ajax requests. these ajax
> requests misses some parameters, but the wicket-ajax header flag is set.
> So ServletWebRequest throws an exception:
> java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
> at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
> at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
> at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)
> These faked requests are so massive, that our application is no longer
> monitorable. Our workaround rejects these requests via apache config.
> Instead of logging an exception, in deployment mode wicket should log a warning and reject the request
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (WICKET-4841) Return error code 400 when an Ajax
request has no base url set in header/request parameters.
Posted by "Martin Grigorov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov resolved WICKET-4841.
-------------------------------------
Resolution: Fixed
Fix Version/s: 1.5.9
6.3.0
Assignee: Martin Grigorov
>From now on Http error 400 (Bad request) will be returned to the client.
> Return error code 400 when an Ajax request has no base url set in header/request parameters.
> --------------------------------------------------------------------------------------------
>
> Key: WICKET-4841
> URL: https://issues.apache.org/jira/browse/WICKET-4841
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.8
> Reporter: Jan Riehn
> Assignee: Martin Grigorov
> Fix For: 6.3.0, 1.5.9
>
>
> Hello,
> currently we've got a problem with faked ajax requests. these ajax
> requests misses some parameters, but the wicket-ajax header flag is set.
> So ServletWebRequest throws an exception:
> java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
> at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
> at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
> at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)
> These faked requests are so massive, that our application is no longer
> monitorable. Our workaround rejects these requests via apache config.
> Instead of logging an exception, in deployment mode wicket should log a warning and reject the request
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira