
While I am submitting a form with POST I am getting a CSRF error.

Question asked by vikash.patel@contcentric.com on Dec 13, 2016
Latest reply on Dec 15, 2016 by vikash.patel@contcentric.com

Hi,

I have created a #dashlet which contains a form.

 


<#-- Dashlet form: posts the lead fields back to the user's dashboard page -->
<form id="${el}-form" action="${url.context}/page/user/${context.user.id}/dashboard" method="post">

<b><label>${msg("label.name")}</label></b><input type="text" name="leadName" required="required"/>
<b><label>${msg("label.contactNo")}</label></b><input type="text" name="leadContactNo" pattern=".{10,10}" title="Please Enter Valid Number" maxlength="10" required="required"/>
<b><label>${msg("label.address")}</label></b><textarea rows="03" cols="10" name="leadAddress" required="required"></textarea>

<input type="reset" id="${el}-resetButton" value="${msg('resetButton.buttonLabel')}" tabindex="0"/>

<input type="submit" id="${el}-submitButton" value="${msg('submitButton.buttonLabel')}" tabindex="0"/>

</form>


Everything is working fine with the GET method, but when I change it to POST and submit the form, it gives me an error like this in the browser.

Something's wrong with this page...
We may have hit an error or something might have been removed or deleted, so check that the URL is correct.

 


I am getting this error on the console.

2016-12-13 13:15:38,894 INFO [site.servlet.CSRFFilter] [http-apr-8080-exec-5] Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/page/user/admin/dashboard
Dec 13, 2016 1:15:38 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/page/user/admin/dashboard] with root cause
javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/page/user/admin/dashboard
at org.alfresco.web.site.servlet.CSRFFilter$AssertTokenAction.run(CSRFFilter.java:827)
at org.alfresco.web.site.servlet.CSRFFilter.doFilter(CSRFFilter.java:312)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:450)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:74)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2466)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2455)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
2016-12-13 13:15:38,902 ERROR [alfresco.web.site] [http-apr-8080-exec-5] javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/page/user/admin/dashboard

 


How to solve this? Please help.

Thanks.
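The log above says the filter compares the token in the session with one in a request header. A simplified model of that check follows, added here as an example; it is not Alfresco's CSRFFilter code and not part of the original post, and the header name, helper names and field values are assumptions.

```javascript
const crypto = require("crypto");
// Assumption: header name used by this model; the Share CSRF configuration sets the real one.
const TOKEN_HEADER = "alfresco-csrftoken";

// Server side: a random token is stored in the session when it is created.
function newSession(user) {
  return { user, csrfToken: crypto.randomBytes(16).toString("base64") };
}

// Constant-time comparison; a missing token never matches.
function tokensMatch(expected, supplied) {
  if (typeof expected !== "string" || typeof supplied !== "string") return false;
  const [a, b] = [Buffer.from(expected), Buffer.from(supplied)];
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Simplified filter: GET is not checked, POST must carry the session token in the header.
function checkRequest(req, session) {
  if (req.method === "GET") return { allowed: true, reason: "method not checked" };
  const supplied = req.headers[TOKEN_HEADER];
  if (supplied === undefined) return { allowed: false, reason: "no token header" };
  if (!tokensMatch(session.csrfToken, supplied)) return { allowed: false, reason: "token mismatch" };
  return { allowed: true, reason: "token matches session" };
}

// A plain <form method="post"> submit: fields in the body, no custom headers possible.
function plainFormPost(path, fields) {
  return { method: "POST", path, headers: {}, body: new URLSearchParams(fields).toString() };
}

// A script-driven submit: same body, plus the token header.
function scriptedPost(path, fields, token) {
  const req = plainFormPost(path, fields);
  req.headers[TOKEN_HEADER] = token;
  return req;
}

// Constructed sample run (field values are made up).
function demo() {
  const session = newSession("admin");
  const path = "/share/page/user/admin/dashboard";
  const fields = { leadName: "Test", leadContactNo: "0123456789", leadAddress: "Street 1" };
  return {
    get: checkRequest({ method: "GET", path, headers: {} }, session),
    form: checkRequest(plainFormPost(path, fields), session),
    scripted: checkRequest(scriptedPost(path, fields, session.csrfToken), session),
    stale: checkRequest(scriptedPost(path, fields, newSession("admin").csrfToken), session),
  };
}
console.log(demo());
```

In this model the `form` case is the rejected POST from the log: a plain HTML form submit cannot add the header the check reads, while the same fields sent by a script with the session's token pass.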
