DWR2跨域访问异常【A request has been denied as a potential CSRF attack】
异常:
A request has been denied as a potential CSRF attack
java.lang.SecurityException, Session Error
发生:升级dwr2、tomcat7、weblogic11、jsp中dwr路径问题
解决:
1、添加跨域访问参数
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<!-- 开启跨域调用 -->
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
2、调整jsp的dwr路径:
测试页面的路径:/Struts12/WebRoot/dwrDemo/index.jsp
调整前:
<script type="text/javascript" src="dwr/engine.js"></script>
<script type="text/javascript" src="dwr/util.js"></script>
<script type="text/javascript" src="dwr/interface/UserService.js"></script>
调整后,访问正常:
<script type="text/javascript" src="../dwr/engine.js"></script>
<script type="text/javascript" src="../dwr/util.js"></script>
<script type="text/javascript" src="../dwr/interface/UserService.js"></script>
【】
上一篇: 苹果正式宣布App Store订阅式服务
下一篇: 免费订阅最新文章