Error Cross-site request forbidden

22 Sep '20, 05:12 PM
23,898 Views
Forum Forum Expert - Level 5

Hello
I have migrated to version WR7.2.18, and I am getting this error message. 

com.webratio.struts.exceptions.WRSecurityException: Cross-site request forbidden

I have followed the migration document, even leaving the security parameters uninhabited and configuring my proxy, but I cannot determine or solve the problem.

It would be useful to have an example of configuration of the RTXConfig.properties file with Apache, to have an idea of what the problem is.

hostAlwaysAllowed=true

checkRequestOrigin=false

 
x 0
Follow
Answer Answer at this question and get points!
Forum Hero - Level 9

Hi Luis,

you can find details in the Release Notes document https://my.webratio.com/learn/learningobject/webratio-72-release-notes-v-72. In fact you can see specific sections such as "Moving from ....", "Fixed in ...." and "Security Fixes and Warnings".

Moreover If you are working with an Enterprise Project the "security" properties could be also reported in the related config file in <EnterpriseProject>_ROOT.jar\conf\AppConfig.properties.

If you create a new Web Project you can obtain RTXConfig.properties file with comments and description for each security Property.

A possible configuration could be:

hostWhitelist=MyCompany.MyDomain.com
hostAlwaysAllowed=false
checkRequestOrigin=true

 
x 0
Forum Expert - Level 5

Hi Alberto, thanks for the answer.

Unfortunately in the release it doesn't say what to do or where not to have that mistake.

Is it possible to get assistance from Webratio to solve this problem? In order to purchase support or review hours.

Thank you very much.

 
x 0
Answer at this question and get points!