« Return to Thread: DWR 3 M1: dwr/call/plaincall/__System.pageLoaded.dwr on "wrong" port/server
Re: DWR 3 M1: dwr/call/plaincall/__System.pa
by David Marginian-2
::
Rate this Message:
So you are still having a problem because of the
crossDomainSessionSecurity exception?
I don't see how this is happening if you have the
crossDomainSessionSecurity disabled. I would put a breakpoint in
BaseDwrpHandler.checkNotCsrfAttack. That is the only place that
exception is thrown and if you look at the method I don't see how it can
be thrown if you have set crossDomainSessionSecurity to false.
Jochen Huber wrote:Jochen Huber wrote:
> I've already configured the cross-domain feature and set the
> crossDomainSessionSecurity to false. Without this being set to false, I
> wouldn't have been able to use my scripts in the setup mentioned above with
> DWR 2.0.x. In DWR 2.0.x, I set the _path for every remote object to the
> absolute path to the scripts on the Tomcat.
>
> Perhaps a member of the dev team can bring light into this...
>
>
> David Marginian-2 wrote:
>
>> I don't know the exact reasons but a lot of improvements have been made
>> in 3.0. Obviously, the cross-domain feature is there for security
>> purposes but it can be configured:
>> http://directwebremoting.org/dwr/server/servlet.
>>
>> The bottom-line is that what you are doing is far from a typical use
>> case. Most users would configure apache to forward the requests to
>> tomcat and be done with it (no DWR changes necessary).
>>
>> There may be a better way to accomplish what you need but we'll have to
>> wait for someone on the list who knows more than me.
>>
>>
> I've already configured the cross-domain feature and set the
> crossDomainSessionSecurity to false. Without this being set to false, I
> wouldn't have been able to use my scripts in the setup mentioned above with
> DWR 2.0.x. In DWR 2.0.x, I set the _path for every remote object to the
> absolute path to the scripts on the Tomcat.
>
> Perhaps a member of the dev team can bring light into this...
>
>
> David Marginian-2 wrote:
>
>> I don't know the exact reasons but a lot of improvements have been made
>> in 3.0. Obviously, the cross-domain feature is there for security
>> purposes but it can be configured:
>> http://directwebremoting.org/dwr/server/servlet.
>>
>> The bottom-line is that what you are doing is far from a typical use
>> case. Most users would configure apache to forward the requests to
>> tomcat and be done with it (no DWR changes necessary).
>>
>> There may be a better way to accomplish what you need but we'll have to
>> wait for someone on the list who knows more than me.
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...
crossDomainSessionSecurity exception?
I don't see how this is happening if you have the
crossDomainSessionSecurity disabled. I would put a breakpoint in
BaseDwrpHandler.checkNotCsrfAttack. That is the only place that
exception is thrown and if you look at the method I don't see how it can
be thrown if you have set crossDomainSessionSecurity to false.
Jochen Huber wrote:Jochen Huber wrote:
> I've already configured the cross-domain feature and set the
> crossDomainSessionSecurity to false. Without this being set to false, I
> wouldn't have been able to use my scripts in the setup mentioned above with
> DWR 2.0.x. In DWR 2.0.x, I set the _path for every remote object to the
> absolute path to the scripts on the Tomcat.
>
> Perhaps a member of the dev team can bring light into this...
>
>
> David Marginian-2 wrote:
>
>> I don't know the exact reasons but a lot of improvements have been made
>> in 3.0. Obviously, the cross-domain feature is there for security
>> purposes but it can be configured:
>> http://directwebremoting.org/dwr/server/servlet.
>>
>> The bottom-line is that what you are doing is far from a typical use
>> case. Most users would configure apache to forward the requests to
>> tomcat and be done with it (no DWR changes necessary).
>>
>> There may be a better way to accomplish what you need but we'll have to
>> wait for someone on the list who knows more than me.
>>
>>
> I've already configured the cross-domain feature and set the
> crossDomainSessionSecurity to false. Without this being set to false, I
> wouldn't have been able to use my scripts in the setup mentioned above with
> DWR 2.0.x. In DWR 2.0.x, I set the _path for every remote object to the
> absolute path to the scripts on the Tomcat.
>
> Perhaps a member of the dev team can bring light into this...
>
>
> David Marginian-2 wrote:
>
>> I don't know the exact reasons but a lot of improvements have been made
>> in 3.0. Obviously, the cross-domain feature is there for security
>> purposes but it can be configured:
>> http://directwebremoting.org/dwr/server/servlet.
>>
>> The bottom-line is that what you are doing is far from a typical use
>> case. Most users would configure apache to forward the requests to
>> tomcat and be done with it (no DWR changes necessary).
>>
>> There may be a better way to accomplish what you need but we'll have to
>> wait for someone on the list who knows more than me.
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...
« Return to Thread: DWR 3 M1: dwr/call/plaincall/__System.pageLoaded.dwr on "wrong" port/server
| Free embeddable forum powered by Nabble | Forum Help |
