https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100096#M69304 <P>Esta todo por defecto, tal como viene en el Compose.</P><P>Mediante IP funciona todo muy bien, y aparte alfresco share no me funciona externamente, es decir, se carga la pagina del login, pero no puedo logearme, al introducir los datos y logearme, me direge a una antigua pagina de alfresco, pero con alfresco content application, externamente todo funcion, puedo logearme.</P> Sun, 25 Apr 2021 02:41:25 GMT Alfred2 2021-04-25T02:41:25Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100092#M69300 <P>Hola instale alfresco mediante:</P><P><A href="https://github.com/Alfresco/alfresco-docker-installer" target="_blank" rel="noopener nofollow noreferrer">https://github.com/Alfresco/alfresco-docker-installer</A></P><P>Puedo conectarme a alfresco share mediante la direccion ip de mi maquina y mediante DNS pero no puedo conectarme mediante:&nbsp;localhost:8080/share&nbsp;</P><P>que puedo hacer para poder conectarme tambien por localhost ?&nbsp;</P> Tue, 20 Apr 2021 12:17:03 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100092#M69300 Alfred2 2021-04-20T12:17:03Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100093#M69301 <P>Hola&nbsp;<A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/85280">@Alfred2</A>&nbsp;</P> <P>Apple, Windows, Linux?</P> Tue, 20 Apr 2021 15:21:09 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100093#M69301 EddieMay 2021-04-20T15:21:09Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100094#M69302 <P>Linux Server 20.04 LTS</P> Tue, 20 Apr 2021 17:45:30 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100094#M69302 Alfred2 2021-04-20T17:45:30Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100095#M69303 <P>¿Qué error te da? ¿La llamada a localhost supongo que la haces desde la misma máquina donde estás ejecutando el docker-compose? ¿Configuraste algo respecto a puertos al utilizar el instalador? ¿Qué puertos tiene configurado el nginx, tanto de docker como de configuración interna? ¿Qué puertos estan declarados en el docker-compose para el servicio de share?</P> Thu, 22 Apr 2021 15:30:05 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100095#M69303 narkuss 2021-04-22T15:30:05Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100096#M69304 <P>Esta todo por defecto, tal como viene en el Compose.</P><P>Mediante IP funciona todo muy bien, y aparte alfresco share no me funciona externamente, es decir, se carga la pagina del login, pero no puedo logearme, al introducir los datos y logearme, me direge a una antigua pagina de alfresco, pero con alfresco content application, externamente todo funcion, puedo logearme.</P> Sun, 25 Apr 2021 02:41:25 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100096#M69304 Alfred2 2021-04-25T02:41:25Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100097#M69305 <P>¿Algún error en el log? ¿Podrías por favor compartirnos el log?</P> Mon, 26 Apr 2021 10:33:30 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100097#M69305 cristinamr 2021-04-26T10:33:30Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100098#M69306 <P><SPAN>Hola, el problema de localhost ya lo solucione, pero ahora si intento entrar a alfresco share mediante 8089:http://localhost:8080/share/page me aparece la pagina, pero al intentar iniciar sesion me sale otra pagina de alfresco.&nbsp;</SPAN></P><P><SPAN>Contenedor Share.</SPAN></P><P><SPAN>/usr/local/tomcat/logs</SPAN></P><P><SPAN>05-May-2021 12:05:10.323 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log No Spring WebApplicationInitializer types detected on classpath</SPAN></P><P><SPAN>05-May-2021 12:05:10.344 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring root WebApplicationContext</SPAN></P><P><SPAN>05-May-2021 12:05:25.051 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)</SPAN></P><P><SPAN>05-May-2021 12:05:25.116 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring DispatcherServlet 'Spring Surf Dispatcher Servlet'</SPAN></P><P><SPAN>05-May-2021 12:35:30.830 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page/' vs server &amp; context: http://localhost:8080/ (string) or http://localhost/.* (regexp)] with root cause</SPAN></P><P><SPAN>javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page/' vs server &amp; context: http://localhost:8080/ (string) or http://localhost/.* (regexp)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)</SPAN></P><P><SPAN>a</SPAN><SPAN>05-May-2021 14:17:22.968 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page/' vs server &amp; context: http://localhost:8080/ (string) or<SPAN class="Apple-converted-space">&nbsp; </SPAN>(regexp)] with root cause</SPAN></P><P><SPAN>javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page/' vs server &amp; context: http://localhost:8080/ (string) or<SPAN class="Apple-converted-space">&nbsp; </SPAN>(regexp)</SPAN></P><P><SPAN>at org.springframework.extensions.webscripts.servlet.CSRFFilter$AssertRefererAction.run(CSRFFilter.java:1072)</SPAN></P><P><SPAN>at org.springframework.extensions.webscripts.servlet.CSRFFilter.doFilter(CSRFFilter.java:346)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)</SPAN></P><P><SPAN>at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:474)</SPAN></P><P><SPAN>at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:443)</SPAN></P><P><SPAN>at org.springframework.extensions.webscripts.servlet.BeanProxyFilter.doFilter(BeanProxyFilter.java:80)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)</SPAN></P><P><SPAN>at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:81)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)</SPAN></P><P><SPAN>at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)</SPAN></P><P><SPAN>at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)</SPAN></P><P><SPAN>at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)</SPAN></P><P><SPAN>at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)</SPAN></P><P><SPAN>at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)</SPAN></P><P><SPAN>at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)</SPAN></P><P><SPAN>at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)</SPAN></P><P><SPAN>at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)</SPAN></P><P><SPAN>at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)</SPAN></P><P><SPAN>at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)</SPAN></P><P><SPAN>at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)</SPAN></P><P><SPAN>at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)</SPAN></P><P><SPAN>at java.base/java.lang.Thread.run(Thread.java:834)</SPAN></P><P><SPAN>05-May-2021 14:24:16.295 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log No Spring WebApplicationInitializer types detected on classpath</SPAN></P><P><SPAN>05-May-2021 14:24:16.342 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring root WebApplicationContext</SPAN></P><P><SPAN>05-May-2021 14:24:33.855 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)</SPAN></P><P><SPAN>05-May-2021 14:24:33.918 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring DispatcherServlet 'Spring Surf Dispatcher Servlet'</SPAN></P><P><SPAN>05-May-2021 14:26:40.165 SEVERE [http-nio-8080-exec-5] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page' vs server &amp; context: http://localhost:8080/ (string) or<SPAN class="Apple-converted-space">&nbsp; </SPAN>(regexp)] with root cause</SPAN></P><P><SPAN>javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page' vs server &amp; context: http://localhost:8080/ (string) or<SPAN class="Apple-converted-space">&nbsp; </SPAN>(regexp)</SPAN></P><P><SPAN>at org.springframework.extensions.webscripts.servlet.CSRFFilter$AssertRefererAction.run(CSRFFilter.java:1072)</SPAN></P><P><SPAN>at org.springframework.extensions.webscripts.servlet.CSRFFilter.doFilter(CSRFFilter.java:346)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)</SPAN></P><P><SPAN>at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:474)</SPAN></P><P><SPAN>at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:443)</SPAN></P><P><SPAN>at org.springframework.extensions.webscripts.servlet.BeanProxyFilter.doFilter(BeanProxyFilter.java:80)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)</SPAN></P><P><SPAN>at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:81)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)</SPAN></P><P><SPAN>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)</SPAN></P><P><SPAN>at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)</SPAN></P><P><SPAN>at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)</SPAN></P><P><SPAN>at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)</SPAN></P><P><SPAN>at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)</SPAN></P><P><SPAN>at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)</SPAN></P><P><SPAN>at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)</SPAN></P><P><SPAN>at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)</SPAN></P><P><SPAN>at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)</SPAN></P><P><SPAN>at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)</SPAN></P><P><SPAN>at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)</SPAN></P><P><SPAN>at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)</SPAN></P><P><SPAN>at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)</SPAN></P><P><SPAN>at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)</SPAN></P><P><SPAN>at java.base/java.lang.Thread.run(Thread.java:834)</SPAN></P><P><SPAN><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Bildschirmfoto 2021-05-06 um 08.49.09.png" style="width: 735px;"><span class="lia-inline-image-display-wrapper" image-alt="image"><img src="https://connect.hyland.com/t5/image/serverpage/image-id/492i1945A498089AEFE5/image-size/large?v=v2&amp;px=999" role="button" title="image" alt="image" /></span></SPAN></SPAN></P> Thu, 06 May 2021 06:50:32 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100098#M69306 Alfred2 2021-05-06T06:50:32Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100099#M69307 <P><A href="http://www.giuseppeurso.eu/en/alfresco-tips-and-tricks-13-csrf-filter-error-on-share-login-with-apache-mod_proxy-and-sslengine-on/" target="_blank" rel="nofollow noopener noreferrer">http://www.giuseppeurso.eu/en/alfresco-tips-and-tricks-13-csrf-filter-error-on-share-login-with-apache-mod_proxy-and-sslengine-on/</A></P> Thu, 06 May 2021 07:18:57 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100099#M69307 angelborroy 2021-05-06T07:18:57Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100100#M69308 <P>Hola Angel,&nbsp;</P><P>Siento ser tan molesto,</P><P>hice los pasos de la guia y me sigue sin funcionar.&nbsp;</P><P>Hice el paso 1:</P><P><STRONG>Step1</STRONG><SPAN>. Copy the “</SPAN><EM>CSRFPolicy</EM><SPAN>” default config from:</SPAN><BR /><EM>TOMCAT_HOME/webapps/share/WEB-INF/classes/alfresco/share-security-config.xml</EM><BR /><SPAN>to:</SPAN><BR /><EM>TOMCAT_HOME/shared/classes/alfresco/web-extension/share-config-custom.xml</EM></P><P><EM>Luego el paso 2:</EM></P><P><EM><STRONG>Step 2.</STRONG><SPAN>&nbsp;Add the attribute </SPAN>replace=”true”<SPAN>&nbsp;like below</SPAN></EM></P><PRE>&lt;config evaluator="string-compare" condition="CSRFPolicy" replace="true"&gt;</PRE><P>Luego el paso 3:</P><P><STRONG>Step 3.</STRONG>&nbsp;Update the properties <EM>referer</EM> e <EM>origin</EM>&nbsp;with the FQDN (https) of the Apache VirtualHost</P><PRE>&lt;config evaluator="string-compare" condition="CSRFPolicy" replace="true"&gt; &lt;properties&gt; &lt;token&gt;Alfresco-CSRFToken&lt;/token&gt; &lt;!-- Use the pipe | in the regex as OR operator: URL1|URL2|... --&gt; &lt;referer&gt;https://myalfresco.com/.*&lt;/referer&gt; &lt;origin&gt;https://myalfresco.com&lt;/origin&gt;</PRE><P><SPAN>En&nbsp;&lt;referer&gt;<A href="https://myalfresco.com/.*&lt;/referer" target="_blank" rel="noopener nofollow noreferrer">https://myalfresco.com/.*&lt;/referer</A>&gt; &lt;origin&gt;<A href="https://myalfresco.com&lt;/origin" target="_blank" rel="noopener nofollow noreferrer">https://myalfresco.com&lt;/origin</A>&gt;</SPAN></P><P><SPAN>He probado con localhost:8080 y con la IP en https y en http y sigue sin funcionar, he borrado siempre el historial del navegador para cada prueba.</SPAN></P><P>Esta es mi configuracion:</P><P><SPAN>[root@2373e4da0eba tomcat]# cat /usr/local/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml<SPAN class="Apple-converted-space">&nbsp;</SPAN></SPAN></P><P><SPAN>&lt;alfresco-config&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; </SPAN>&lt;!--</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>This setting controls which domains' pages that shall be allowed to be included inside Share using an &lt;iframe&gt;.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>All components in Share that creates an &lt;iframe&gt; (targeted at a user provided url) MUST assert the url is</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>provided in the white list below or that it.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>Will be used and exposed to the client side code in Alfresco.contants.IFRAME_POLICY.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>Use the Alfresco.util.IFramePolicy.isUrlAllowed() to check if a url is allowed.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>Note!</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>These settings are used to mitigate phishing attacks (i.e. displaying a login form).</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>These settings are NOT used to mitigate clickjacking attacks and do NOT control if or when Share is allowed</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>to be included into pages (using an &lt;iframe&gt;) from other domains, that is instead controlled by the</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>"X-Frame-Options" header inside the "SecurityHeadersPolicy" config.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; </SPAN>--&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; </SPAN>&lt;config evaluator="string-compare" condition="IFramePolicy"&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;!-- Local share pages/resources are governed by the same-domain element which can be set to "allow" or "deny" --&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;same-domain&gt;allow&lt;/same-domain&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;!--</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>Add a list of &lt;url&gt; elements inside this element to form a whitelist of allowed domains.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>The check will assert that the url used for the &lt;iframe&gt; starts with the value of one of the &lt;url&gt; elements.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>--&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;cross-domain&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;!--</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>Allow all domains by default, it is highly recommended to override this setting and instead keep a</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>whitelist of the domains that you trust to be included on Share pages.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>--&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;url&gt;*&lt;/url&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;/cross-domain&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; </SPAN>&lt;/config&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; </SPAN>&lt;!--</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>CSRF filter config to mitigate CSRF/Seasurfing/XSRF attacks</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>To disable the CSRF filter override the &lt;filter&gt; to not contain any values, see share-config-custom.xml for</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>an example.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>If you have a custom resource(s) that a client POST to that can't accept a token, for whatever reason, then make</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>sure to copy the entire CSRFPolicy config and place it in your share-config-custom.xml file</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>with the replace="true" attribute and make sure to add a new &lt;rule&gt; in the top of the &lt;filter&gt; element,</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>which has a &lt;request&gt; element matching your requests, and uses only the "assertReferer" &amp; "assertOrigin" actions.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>I.e.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;rule&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;request&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;method&gt;POST&lt;/method&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;path&gt;/proxy/alfresco/custom/repoWebscript/withoutParams|/service/custom/shareResource/thatMayHaveParams(\?.+)?&lt;/path&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;/request&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;action name="assertReferer"&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;param name="referer"&gt;{referer}&lt;/param&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;/action&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;action name="assertOrigin"&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;param name="origin"&gt;{origin}&lt;/param&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;/action&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;/rule&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; </SPAN>--&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; </SPAN>&lt;config evaluator="string-compare" condition="CSRFPolicy"&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; </SPAN>replace="true"&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;!--</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>Properties that may be used inside the rest of the CSRFPolicy config to avoid repetition but</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>also making it possible to provide different values in different environments.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>I.e. Different "Referer" &amp; "Origin" properties for test &amp; production etc.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>Reference a property using "{propertyName}".</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>--&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;properties&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;!-- There is normally no need to override this property --&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;token&gt;Alfresco-CSRFToken&lt;/token&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;!--</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>Override and set this property with a regexp that if you have placed Share behind a proxy that</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>does not rewrite the Referer header.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>--&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;referer&gt;<A href="http://192.168.0.49:8080/.*&lt;/referer" target="_blank" rel="noopener nofollow noreferrer">http://192.168.0.49:8080/.*&lt;/referer</A>&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;!--</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>Override and set this property with a regexp that if you have placed Share behind a proxy that</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </SPAN>does not rewrite the Origin header.</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>--&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; </SPAN>&lt;origin&gt;<A href="http://192.168.0.49:8080&lt;/origin" target="_blank" rel="noopener nofollow noreferrer">http://192.168.0.49:8080&lt;/origin</A>&gt;</SPAN></P><P><SPAN><SPAN class="Apple-converted-space">&nbsp; &nbsp; &nbsp; </SPAN>&lt;/properties&gt;</SPAN></P> Thu, 06 May 2021 09:25:34 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100100#M69308 Alfred2 2021-05-06T09:25:34Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100101#M69309 <P>Buenas. <EM>CSRFPolicy</EM> normalmente se configura cuando tienes un proxy, https, etc. Si es para localhost puedes deshabilitarlo. Ojea <A href="https://hub.alfresco.com/t5/alfresco-content-services-forum/cannot-configure-csrf-origin-server-for-admin-console-post/td-p/165490" target="_self" rel="nofollow noopener noreferrer">este hilo</A>. Es muy interesante y probablemente te aporte información a lo que ya sabes. Una cosa a destacar: leelo completo y fijate en la respuesta del compañero <SPAN class="UserName lia-user-name lia-user-rank-Member-II lia-component-message-view-widget-author-username"><A href="https://hub.alfresco.com/t5/user/viewprofilepage/user-id/60563" target="_self" rel="nofollow noopener noreferrer"><SPAN class="">kevinoudot</SPAN></A></SPAN> del 29 de Marzo.</P><P>Si aplicando la solución del hilo, sigue sin funcionarte, por favor adjuntanos de nuevo las trazas que den en el log.</P><P>Un saludo.</P> Thu, 06 May 2021 15:22:05 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100101#M69309 cristinamr 2021-05-06T15:22:05Z https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100102#M69310 <P>Hola Cristina,</P><P>Lamentablemente sigo sin tener exito a este problema</P><P>&nbsp;/usr/local/tomcat/shared/classes</P><P>alfresco-global.properties:</P><P><SPAN>csrf.filter.enabled=false</SPAN></P><P>alfresco.context=alfresco<BR />alfresco.host=127.0.0.1<BR />alfresco.port=8080<BR />alfresco.protocol=http</P><P>share.context=share<BR />share.host=127.0.0.1<BR />share.port=8080<BR />share.protocol=http</P><P>system.serverMode=UNKNOWN</P><P>alfresco.rmi.services.port=50500</P><P><BR />index.subsystem.name=solr6<BR />dir.keystore=${dir.root}/keystore<BR />solr.host=localhost<BR />solr.port.ssl=8443</P><P><BR />security.anyDenyDenies=false</P><P>### Smart Folders Config Properties ###<BR />smart.folders.enabled=false</P><P><BR />alfresco.jmx.connector.enabled=false</P><P>Nuevamente el problema</P><P>at java.base/java.lang.Thread.run(Thread.java:834)<BR />06-May-2021 19:22:28.412 SEVERE [http-nio-8080-exec-9] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page' vs server &amp; context: http://localhost:8080/ (string) or (regexp)] with root cause<BR />javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page' vs server &amp; context: http://localhost:8080/ (string) or (regexp)<BR />at org.springframework.extensions.webscripts.servlet.CSRFFilter$AssertRefererAction.run(CSRFFilter.java:1072)<BR />at org.springframework.extensions.webscripts.servlet.CSRFFilter.doFilter(CSRFFilter.java:346)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:474)<BR />at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:443)<BR />at org.springframework.extensions.webscripts.servlet.BeanProxyFilter.doFilter(BeanProxyFilter.java:80)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:81)<BR />at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<BR />at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<BR />at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)<BR />at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)<BR />at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)<BR />at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)<BR />at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)</P><P>Lo mas interesante es que si mapeo 8080:locahost:8080/share/page/ si me funciona, pero si intento entrar por otro puerto como 8089://localhost:8080/share/page tengo ese problema de:&nbsp;/share/page/dologin :: referer: 'http://localhost:8089/share/page' vs server &amp; context: http://localhost:8080/ .... etc</P><P>Los puerto de alfresco y alfresco share son los que vienen por defecto en el docker-compose.yml que es el 8080</P><P>imagen de docker&nbsp;</P><P>share:<BR />build:<BR />context: ./share<BR />args:<BR />SHARE_TAG: ${SHARE_TAG}<BR />SERVER_NAME: ${SERVER_NAME}<BR />mem_limit: 1104m<BR />environment:<BR />REPO_HOST: "alfresco"<BR />REPO_PORT: "8080"<BR />CSRF_FILTER_REFERER: "http://localhost/.*"<BR />CSRF_FILTER_ORIGIN: "http://localhost"<BR />JAVA_OPTS: "<BR />-Xms976m -Xmx976m<BR />-Dalfresco.context=alfresco<BR />-Dalfresco.protocol=http<BR />"<BR />volumes:<BR />- ./logs/share:/usr/local/tomcat/logs</P><P>Gracias por la ayuda.</P> Thu, 06 May 2021 19:34:58 GMT https://connect.hyland.com/t5/alfresco-archive/no-puedo-acceder-mediante-localhost/m-p/100102#M69310 Alfred2 2021-05-06T19:34:58Z