dwr的A request has been denied as a potential CSRF attack.错误

最新推荐文章于 2020-04-05 21:05:27 发布
最新推荐文章于 2020-04-05 21:05:27 发布
阅读量183 收藏
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/cocacola81/article/details/83310833
版权

最近换到了tomcat7,运行代码的时候发现问题了,

控制台所有的dwr请求都变成了:“A request has been denied as a potential CSRF attack”

所有的都不能访问,提示跨域访问问题,然后换回tomcat6,发现每一点问题,

网上查了半天,发现时dwr的问题

解决办法如下:

修改web.xml的dwr配置,:

<listener>
<listener-class>
org.directwebremoting.servlet.EfficientShutdownServletContextListener
</listener-class>
</listener>
<display-name>DWR (Direct Web Remoting)</display-name>
<description>A Simple Demo DWR</description>
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>
org.directwebremoting.servlet.DwrServlet
</servlet-class>
<!-- This should NEVER be present in live -->
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<!-- Remove this unless you want to use active reverse ajax -->
<init-param>
<param-name>activeReverseAjaxEnabled</param-name>
<param-value>true</param-value>
</init-param>
<!-- By default DWR creates application scope objects when they are first
used. This creates them when the app-server is started -->
<init-param>
<param-name>
initApplicationScopeCreatorsAtStartup
</param-name>
<param-value>true</param-value>
</init-param>
<!-- This enables full streaming mode. It's probably better to leave this
out if you are running across the internet -->
<init-param>
<param-name>maxWaitAfterWrite</param-name>
<param-value>-1</param-value>
</init-param>
<!--
For more information on these parameters, see:
- http://getahead.org/dwr/server/servlet
- http://getahead.org/dwr/reverse-ajax/configuration
-->
<!-- 新加corssDomainSessionSecurity参数 -->
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>3000</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>brandlogin.html</welcome-file>
</welcome-file-list>

其中最主要的地方是:

<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>

改完之后,重新运行了下,发现一切ok,但是网上还有一个提示,dwr的引用必须进行修改

改成如下的方式:

由<script type="text/javascript" src="js/engine.js"></script>

更改成:

<script type="text/javascript" src="dwr/engine.js"></script>。 

cocacola81
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
A request has been denied as a potential CSRF attack.
weixin_38160443的博客
07-19 585
最近做项目,用的ajax框架dwr,然后做异步交互数据, 刚上来就碰到了这么个错误:“严重: A request has been denied as a potential CSRF attack.” 传递的值还是“session error”。后来在网上发现了这个问题解决办法。在web.xml配置文件中修改dwr的配置:Xml代码<servlet> <servlet-name>dwr-i
A request has been denied as a potential CSRF attack.”
goobycle
01-11 1383
<br />最近想学AJAX。   刚上来就碰到了这么个错误:“严重: A request has been denied as a potential CSRF attack.” 传递的值还是“session error”。<br />后来在网上发现了这个问题解决办法。<br />在web.xml配置文件中修改dwr的配置:<br />Xml代码 <br /> <servlet>   <servlet-name>dwr-invoker</servlet-name>    <servlet-class>or
dwr.rar_dwr a jax_jax_js 异步
最新发布
09-24
Direct Web Remoting (DWR) 是一个开源的Java库,它允许JavaScript在浏览器端与服务器端的Java对象进行直接交互,实现类似于AJAX(Asynchronous JavaScript and XML)的异步通信方式。DWR使得Web应用可以更加动态和...
dwr.rar_dwr jar_dwr j_dwr jar_dwr.j_dwr.jar2
09-22
这个"**dwr.rar**"压缩包包含了DWR的核心组件,即**dwr.jar**文件,它是DWR运行所必需的。DWR的主要目的是简化AJAX(异步JavaScript和XML)开发,通过提供一种方式,使得前端JavaScript可以直接调用后端Java方法,...
DWR.xml.rar_dwr.xml
09-14
**DWR.xml配置详解** Direct Web Remoting (DWR) 是一个开源的Java库,它允许Web应用程序在浏览器和服务器之间进行实时的、安全的、跨域的通信。DWR的核心在于XML配置文件,即`dwr.xml`,它是DWR与应用服务器交互的...
dwrDemo.war.zip_dwr_dwr.w
09-20
"dwrDemo.war.zip" 是一个包含DWR2.0测试应用的WAR(Web应用程序归档)文件,"dwr_dwr.w"可能是DWR配置或服务相关的文件。 首先,我们来了解一下DWR的核心概念: 1. **DWR引擎(DWR Engine)**:这是DWR的核心组件...
DWR_comet_0100.zip_ChatService.js_DWR_comet_0100_comet_dwr SPRIN
09-20
在JavaScript中,DWR提供了简单的API来封装与服务器的通信,如`dwr.engine.remote.handleCallback()`函数,用于处理从服务器返回的结果。`ChatService.js`可能定义了用于发送聊天消息、接收新消息和更新聊天界面的...
A request has been denied as a potential CSRF atta
samueli的专栏
08-05 259
问题描述:算是一个最简单的dwr的入门demo.也是按照dwr的入门demo写的.但是在运行的时候却出现了下面的问题.前台页面跳出session error的对话框,而控制台则输出: 2007-5-29 11:58:53 org.directwebremoting.util.CommonsLoggingOutput error严重: A request has been denied as a p...
DWR出现的A request has been denied as a potential CSRF attack解决办法
无居之所
07-08 330
学习DWR的时候,用的是DWR2.0.6版本和火狐浏览器,在做官方的Hello world 的时候,按照文档,做的如下配置: [code="web.xml"] dwr-invoker org.directwebremoting.servlet.DwrServlet debug true ...
严重: A request has been denied as a potential CSRF attack.
zjqxr的专栏
04-12 184
crossDomainSessionSecurity false
DWR A request has been denied as a potential CSRF attack
不懂不懂
05-07 1008
虽然DWR是个很早就出现的Ajax框架,但一直都没去使用过,今天正好没事就看了一下并参照文档照做了个demo, 在其中碰到一个问题:     后台打印出错误信息:“严重: A request has been denied as a potential CSRF attack.” 在网上google一把 之后,出现此错误的原因大都是说“请求被拒绝,可能存在csrf(cross-site re
myeclipse tomcat 报错 “信息: dwr-invoker: A request has been denied as a potential CSRF attack”解决方案
每天进步一点点儿
04-05 629
严重: A request has been denied as a potential CSRF attack. A request has been denied as a potential CSRF attack.” 在web.xml配置文件中修改dwr的配置: <servlet> <servlet-name>dwr-invoker</serv...
dwr:A request has been denied as a potential CSRF attack.错误的解决
java_zc的博客
09-07 7508
dwr遇到这种错误:  org.directwebremoting.util.CommonsLoggingOutput error  严重: A request has been denied as a potential CSRF attack.  在参照dwr的官方网站时,如果在后台出现如下的提示信息:A request has been denied as a potential CS
亲测遇到dwr的A request has been denied as a potential CSRF attack错误的解决方案
lixinghui2016的博客
02-23 3296
今天刚刚开始了解dwr并在网上下了个中文文档学习,好不容易参照文档照做了个demo,就遇到这样一个问题,后台打印错误信息:“A request has been denied as a potential CSRF attack.” 然后百度出了解决方案,亲测有效! 第1步:在web.xml中添加如下代码: crossDomainSessionSe
DWR入门:web.xml配置与Ajax应用详解
配置DWR的关键步骤包括将DWR.jar文件添加到项目的WEB-INF/lib目录中,以及在web.xml文件中声明DWR Servlet。示例代码展示了如何声明 `<servlet>` 和 `<servlet-mapping>` 部分,其中`<servlet-name>` 是'dwr-invoker...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值