java apache CsrfPreventionFilter和404错误
我正在使用org.apache.catalina.filters.CsrfPreventionFilter
来防止跨站点请求伪造,但当用户单击将他连接到HTTP 404的链接时,我会遇到问题。之后,对于所有请求,它开始抛出403
例如,当用户试图下载一个不再存在的csv文件时,他会被重定向到404。jsp页面。csv文件的链接如下:
http://localhost:8080/mc-portal/uploaded_numbers/03002790541_20150509144859.csv?org.apache.catalina.filters.CSRF_NONCE=5F5CC51CFC21FD96B09E93F40666DC44
之后,无论用户尝试访问哪个链接,都会抛出以下403:
"NetworkError: 403 Forbidden - http://localhost:8080/mc-portal/logout?org.apache.catalina.filters.CSRF_NONCE=8A9F00AA9B26A285D7FC0C3FBE160E61"
404。jsp错误页面已放置在web中的entryPoints参数值中。xml:
<filter>
<filter-name>CsrfFilter</filter-name>
<filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
<init-param>
<param-name>entryPoints</param-name>
<param-value>/index.jsp,/login,/home.jsp,/logout,/404.jsp</param-value>
</init-param>
<init-param>
<param-name>nonceCacheSize</param-name>
<param-value>
5
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CsrfFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
共 (0) 个答案