
[Resolved] Possible CSRF attack noted when comparing token in session and request header

keon
Champ in-the-making

Dear all,

Do you know how to solve this case?

I'm using Alfresco Community Edition (201707), with Share deployed separately on another machine.

And I configured the hostnames in alfresco-global.properties:

alfresco.context=alfresco
alfresco.host=alfresco
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=docuplace.dreamintek.com
share.port=80
share.protocol=http

And on the client machine, in the hosts file, I've set:

192.168.37.100 alfresco
192.168.37.101 docuplace.dreamintek.com dreamintek docuplace

When I use this URL: http://docuplace.dreamintek.com/share

and attempt to create a folder, I see the error below in catalina.out.

[org.springframework.extensions.webscripts.servlet.CSRFFilter] [http-apr-8080-exec-5] Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/type/cm%3Afolder/formprocessor
2019-01-07 09:47:06,711 ERROR [org.alfresco.web.site] [http-apr-8080-exec-5] javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/type/cm%3Afolder/formprocessor

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2549)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2538)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

2019-01-07 09:47:06,711 ERROR [alfresco.web.site] [http-apr-8080-exec-5] javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/type/cm%3Afolder/formprocessor

However, when I use this URL: http://docuplace/share, there is no problem.

I've searched to figure it out, but I couldn't find a similar issue.

I also checked web-client-security-config.xml and web.xml.

How could I resolve this? Any idea would be appreciated.

Keon

1 REPLY

keon
Champ in-the-making

I've simply removed the browser cache (Chrome in this case) and it's resolved. Good as new.

Regards,

Keon
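
For triaging this error in catalina.out, here is an added example (not part of the original thread and not Alfresco code) that extracts the CSRFFilter rejections from log lines in the format quoted above and counts distinct rejected requests. The function names and the last sample line are constructed, and it assumes, as in the quoted log, that each rejection produces one CSRFFilter line followed by ERROR lines from other loggers repeating it.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Timestamp and level are optional: the first line quoted in the post
# starts directly at the logger name.
CSRF_LINE = re.compile(
    r"^(?:(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+)?"
    r"\[(?P<logger>[^\]]+)\]\s+\[(?P<thread>[^\]]+)\]\s+"
    r".*?Possible CSRF attack noted when comparing token in session and request header\."
    r"\s+Request:\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)"
)

def parse_csrf_events(lines):
    """Return one dict per log line carrying the CSRF rejection message."""
    events = []
    for line in lines:
        m = CSRF_LINE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["path"] = unquote(ev["path"])  # cm%3Afolder -> cm:folder
            events.append(ev)
    return events

def rejected_requests(events):
    """Count distinct rejections per (method, path).

    Only lines from the CSRFFilter logger are counted; the ERROR lines from
    other loggers repeat the same rejection (assumption stated in the lead-in).
    """
    return Counter(
        (e["method"], e["path"]) for e in events if e["logger"].endswith("CSRFFilter")
    )

# First four lines are taken from the post; the last line is constructed.
SAMPLE_LOG = """
[org.springframework.extensions.webscripts.servlet.CSRFFilter] [http-apr-8080-exec-5] Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/type/cm%3Afolder/formprocessor
2019-01-07 09:47:06,711 ERROR [org.alfresco.web.site] [http-apr-8080-exec-5] javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/type/cm%3Afolder/formprocessor
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
2019-01-07 09:47:06,711 ERROR [alfresco.web.site] [http-apr-8080-exec-5] javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/type/cm%3Afolder/formprocessor
[org.springframework.extensions.webscripts.servlet.CSRFFilter] [http-apr-8080-exec-7] Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/proxy/alfresco/api/constructed-example
"""

if __name__ == "__main__":
    for (method, path), n in rejected_requests(parse_csrf_events(SAMPLE_LOG.splitlines())).items():
        print(f"{n} rejected: {method} {path}")
```
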