nginx - JasperServer proxy CSRF error -

-

i have new installation of jasperreports server 6.2 using bundled tomcat on ubuntu 14.04 lts nginx proxy can access https://mydomain.xyz/jasperserver. works, i'm not able manage users , roles. if bypass nginx , go straight tomcat http://123.123.123.123:8080/jasperserver, works perfectly. log indicates:

2016-02-28 19:44:08,024 error csrfguard,http-nio-8080-exec-3:44 - potential cross-site request forgery (csrf) attack thwarted (user:, ip:127.0.0.1, uri:/jasperserver/flow.html, error:required token missing request)

this same older question: running jasperserver behind nginx: potential csrf attack. i've tried both mitigations suggested, , it's still not working.

  • i tried setting underscores_in_headers on;, first in http, in server, in both.
  • when didn't work, removed underscores jasper_csrf_token , owasp_csrftoken in web-inf/esapi/owasp.csrfguard.properties

i rebooted server sure cleared , restarted, still not working.

i'm seeking suggestions resolution and/or guidance on diagnose problem better. i'm new jasper , java/tomcat skills rusty.

to solve problem, think forgot allow underscores in nginx headers

server { underscores_in_headers on;


Comments

Post a Comment

Popular posts from this blog

c# - How Configure Devart dotConnect for SQLite Code First? -

-
can configure following sample code ? when run following code, error : no entity framework provider found ado.net provider invariant name 'devart.data.sqlite' setting in machine.config <system.data> <dbproviderfactories> <add name="dotconnect sqlite" invariant="devart.data.sqlite" description="devart dotconnect sqlite" type="devart.data.sqlite.sqliteproviderfactory, devart.data.sqlite, version=4.6.287.0, culture=neutral, publickeytoken=09af7300eec23701" /> </dbproviderfactories> </system.data> after add below block code in app.config <?xml version="1.0"?> <configuration>   <configsections> <!-- more information on entity framework configuration, visit http://go.microsoft.com/fwlink/?linkid=237468 --> <section name="entityframework" type="system.data.entity.internal.configfile.entityframeworksection, entit...
Read more

java - Copying object fields -

-
what best way of copying classes when need have 2 independent variables? have simple class: public class myclass { boolean = false; string b= "not empty"; } do need make method : assign(myclass data ) { a= data.a; b= data.b; } is there automatic method copy (duplicate) objects in java? do need make method : pretty close. instead of making method, should make constructor. such constructors called copy constructor , , create them this: myclass(myclass data) { = data.a; b = data.b; } and create copy of instance, use constructor this: myclass obj1 = new myclass(); myclass obj2 = new myclass(obj1); copy constructor can tedious : using copy constructor create deep-copy can tedious, when class has mutable fields. in case, assignment create copy of reference, , not object itself. have create copy of fields (if want deep copy). can go recursive. a better way create deep copy serialize , deserialize object. why not use clone()? ...
Read more

c++ - Clear the memory after returning a vector in a function -

-
i have function processes , stores lot of data in , returns results vector of class. amount of data stored in function tremendous , want clear storage memory of function after finished job. necessary (does function automatically clear memory) or should clear memory function? update: vector<customers> process(char* const *filename, vector<int> id) { vector<customers> list_of_customers; (perform actions) return list_of_customers; } variables defined locally within function automatically released @ end of function scope. destructors objects called, should free memory allocated objects (if objects coded correctly). example of such object std::vector . anything you've allocated new must have corresponding delete release storage. try avoid doing own allocation , use raii instead, i.e. containers or smart pointers.
Read more