https://connect.hyland.com/t5/alfresco-forum/resolved-possible-csrf-attack-noted-when-comparing-token-in/m-p/69044#M22829 <HTML><HEAD></HEAD><BODY><P>Dear all,</P><P>Do you know how to solve this case?</P><P>I'm using Alfresco Community Edition(201707), separately deployed Share on another machine.</P><P>And configured hostname in alfresco-global.properties</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>alfresco.context=alfresco<BR />alfresco.host=alfresco<BR />alfresco.port=8080<BR />alfresco.protocol=http</P><P>share.context=share<BR />share.host=docuplace.dreamintek.com<BR />share.port=80<BR />share.protocol=http</P></BLOCKQUOTE><P></P><P>And on client machine in hosts file I've set:</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>192.168.37.100 alfresco<BR /><SPAN style="background-color: #f6f6f6;">192.168.37.101</SPAN>&nbsp;docuplace.dreamintek.com dreamintek docuplace</P></BLOCKQUOTE><P></P><P><SPAN>When use this url: </SPAN><A _jive_internal="true" href="https://community.alfresco.com/docuplace.dreamintek.com/share" rel="nofollow noopener noreferrer" target="_blank">http://docuplace.dreamintek.com/share</A></P><P>and attempt to&nbsp;create a folder, in Catalina.out I see below error.</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P></P><P>[org.springframework.extensions.webscripts.servlet.CSRFFilter] [http-apr-8080-exec-5] Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/type/cm%3Afolder/formprocessor<BR />2019-01-07 09:47:06,711 ERROR [org.alfresco.web.site] [http-apr-8080-exec-5] javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/type/cm%3Afolder/formprocessor</P><P>at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)<BR /> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)<BR /> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)<BR /> at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2549)<BR /> at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2538)<BR /> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<BR /> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<BR /> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)<BR /> at java.lang.Thread.run(Thread.java:748)</P><P>2019-01-07 09:47:06,711 ERROR [alfresco.web.site] [http-apr-8080-exec-5] javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/type/cm%3Afolder/formprocessor</P></BLOCKQUOTE><P><SPAN>However when I use this url: </SPAN><A _jive_internal="true" href="https://community.alfresco.com/http:" rel="nofollow noopener noreferrer" target="_blank">http://</A><SPAN style="background-color: #f6f6f6;">docuplace/share, there is no problem.</SPAN></P><P></P><P>I've search to figure it out, but I couldn't find similar issue.</P><P>And also checked&nbsp;web-client-security-config.xml and web.xml, too.</P><P></P><P>How could I resolve this? Any idea would be appreciated.</P><P></P><P>Keon</P></BODY></HTML> Mon, 07 Jan 2019 02:26:53 GMT keon 2019-01-07T02:26:53Z https://connect.hyland.com/t5/alfresco-forum/resolved-possible-csrf-attack-noted-when-comparing-token-in/m-p/69044#M22829 Dear all,Do you know how to solve this case?I'm using Alfresco Community Edition(201707), separately deployed Share on another machine.And configured hostname in alfresco-global.propertiesalfresco.context=alfrescoalfresco.host=alfrescoalfresco.port=8080alfresco.protocol=httpshare.context=shareshare. Mon, 07 Jan 2019 02:26:53 GMT https://connect.hyland.com/t5/alfresco-forum/resolved-possible-csrf-attack-noted-when-comparing-token-in/m-p/69044#M22829 keon 2019-01-07T02:26:53Z https://connect.hyland.com/t5/alfresco-forum/resolved-possible-csrf-attack-noted-when-comparing-token-in/m-p/69045#M22830 <HTML><HEAD></HEAD><BODY><P>I've simply removed browser cache(Chrome in this case) and resolved. Good as new <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://connect.hyland.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P></P><P>Regards,</P><P>Keon</P></BODY></HTML> Mon, 07 Jan 2019 03:56:55 GMT https://connect.hyland.com/t5/alfresco-forum/resolved-possible-csrf-attack-noted-when-comparing-token-in/m-p/69045#M22830 keon 2019-01-07T03:56:55Z