dwr的A request has been denied as a potential CSRF attack.错误

Posted toyzhou

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了dwr的A request has been denied as a potential CSRF attack.错误相关的知识,希望对你有一定的参考价值。

虽然DWR是个很早就出现的Ajax框架,但一直都没去使用过,今天正好没事就看了一下并参照文档照做了个demo,

在其中碰到一个问题: 

   后台打印出错误信息:“严重: A request has been denied as a potential CSRF attack.” 在网上google一把

之后,出现此错误的原因大都是说“请求被拒绝,可能存在csrf(cross-site request forgeries,跨站请求伪造)攻击、

页面URL可能被跨站了的服务所调用之类的”,但是我这里只有一个简单的测试页面,是根本不存在什么所谓的跨站请求的,

但不知道为什么?希望有知道的朋友告诉一下我,万谢!

 

   不过最后还是通过网上搜索给解决了,得到以下两种解决方案:

   1、在web.xml配置文件中修改dwr的配置:

  1. Xml代码   
  2. <servlet>    
  3.  <servlet-name>dwr-invoker</servlet-name>    
  4.   <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>    
  5.   <init-param>    
  6.    <param-name>debug</param-name>    
  7.    <param-value>true</param-value>    
  8.   </init-param>    
  9.   <!-- 新加corssDomainSessionSecurity参数 -->    
  10.   <init-param>        
  11.             <param-name>crossDomainSessionSecurity</param-name>        
  12.             <param-value>false</param-value>        
  13.     </init-param>    
  14.  </servlet>    
  15. <servlet>  
  16.  <servlet-name>dwr-invoker</servlet-name>  
  17.   <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>  
  18.   <init-param>  
  19.    <param-name>debug</param-name>  
  20.    <param-value>true</param-value>  
  21.   </init-param>  
  22.   <!-- 新加corssDomainSessionSecurity参数 -->  
  23.   <init-param>     
  24.             <param-name>crossDomainSessionSecurity</param-name>     
  25.             <param-value>false</param-value>     
  26.     </init-param>  
  27.  </servlet>  
    据说参数corssDomainSessionSecurity是在dwr版本2.0才有的.默认值为true,也就是禁止其他域发送请求.若设置成false后,就能够从其他域进行请求但这样做会在安全性上有一些冒险.

 

   2、将JSP文件中所引用的js文件engine.js的方式,由<script type="text/javascript" src="js/engine.js"></script> 更改成:<script type="text/javascript" src="dwr/engine.js"></script>。不知道为什么这样就可以啦,而

引用js目录下就会报错。希望有知道朋友,不吝赐教,在下感激不尽!

关注流行国外网站

facebook:http://www.fb-on.com

facebook官网:http://www.facebookzh.com

facebook:http://www.cn-face-book.com

facebook:http://www.vivcall.com

youtube:http://www.youtubezh.com

twitter:http://www.twitterzh.com

以上是关于dwr的A request has been denied as a potential CSRF attack.错误的主要内容,如果未能解决你的问题,请参考以下文章

getReader()/getInputStream() has already been called for this request

解决Cannot forward after response has been committed

solr部署tomcat 访问HTTP Status 403 – Access to the requested resource has been denied

Mixed Content: xxx This request has been blocked; the content must be served over HTTPS.

Https异常This request has been blocked; the content must be served over HTTPS

解决[origin 'http://xxx.xxx.com:xxxx' has been blocked by CORS policy: The request client is n