Chrome Issue


wilca014
Hi,

I have this weird issue only with Chrome where certain calls are returning 403 errors.

Chrome Failed.
10.76.192.11 - - [14/Oct/2019:15:14:57 +1100] "POST /uPortal/p/cache-manager.ctf3/max/action.uP?_csrf=c01b7c1d-cff3-4acd-84d7-155c980765a7&pP_execution=e1s6 HTTP/1.0" 403 - "https://devportal.vu.edu.au/uPortal/p/cache-manager.ctf3/max/render.uP?pP_execution=e1s1&pP__eventId=flush-all" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"

Firefox worked.
10.76.192.11 - - [14/Oct/2019:15:15:44 +1100] "POST /uPortal/p/cache-manager.ctf3/max/action.uP?_csrf=e84f4782-76f3-45ac-8fb0-df98c3e7e0bf&pP_execution=e1s10 HTTP/1.0" 302 - "https://devportal.vu.edu.au/uPortal/p/cache-manager.ctf3/max/render.uP?pP_execution=e1s9&pP__eventId=flush-all" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"

Has anyone seen this before?

Regards,
Colin

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-user/21ff8690-9a44-4aa4-9fc4-dd699ce24506%40apereo.org.

Re: Chrome Issue

wilca014
Hi Guys,

For some unknown reason it's tripping the invalid CORS request.

DEBUG [ajp-nio2-8009-exec-5] o.a.p.security.filter.CorsFilter 2019-10-14 17:22:51,103 - Request origin: https://devportal.vu.edu.au
DEBUG [ajp-nio2-8009-exec-5] o.a.p.security.filter.CorsFilter 2019-10-14 17:22:51,103 - Request method: POST
DEBUG [ajp-nio2-8009-exec-5] o.a.p.security.filter.CorsFilter 2019-10-14 17:22:51,103 - Invalid CORS request; Origin=https://devportal.vu.edu.au;Method=POST


Re: Chrome Issue

wilca014
Hi,

Found the issue, and by the looks of it you have a configuration issue that only affects Chrome.

In the CorsFilter class you have the following, setting allowed origins to *:

public static final String DEFAULT_ALLOWED_ORIGINS = "*";

But in the "securityContext.xml" you are resetting the default as an empty string rather than the * as it is in the code.

<bean id="corsFilter" class="org.apereo.portal.security.filter.CorsFilter">
  <!-- allowedOrigins should include protocol. For example, "https://idp.myschool.edu, https://cas.myschool.edu" -->
  <property name="allowedOrigins" value="${cors.allowed.origins:}" />
  <property name="allowedHttpMethods" value="${cors.allowed.methods:GET,HEAD}" />
  <property name="allowedHttpHeaders" value="${cors.allowed.headers:Origin,Accept,Authorization,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers}" />
  <property name="exposedHeaders" value="${cors.exposed.headers:}" />
  <property name="supportsCredentials" value="${cors.support.credentials:true}" />
  <property name="preflightMaxAge" value="${cors.preflight.maxage:1800}" />
  <property name="decorateRequest" value="${cors.request.decorate:true}" />
</bean>

By the looks of it you guys have a mismatch in the configuration; for some unknown reason it only affects Chrome.

Regards,
Colin
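
Added example (not part of the original post and not uPortal's own code): a simplified Java model of an allowed-origins check, comparing the empty default from securityContext.xml, the "*" default from the class, and an explicit origin against the request in the DEBUG log. It assumes the filter only evaluates requests that carry an Origin header and lets others through; the class and method names and the 200 "pass" status are hypothetical.

```java
import java.util.LinkedHashSet;
import java.util.Set;

/** Simplified model of an allowed-origins check; NOT uPortal's CorsFilter source. */
public class CorsOriginCheckDemo {

    /** Parse a comma-separated allowedOrigins value; blank entries are dropped. */
    static Set<String> parseOrigins(String configured) {
        Set<String> origins = new LinkedHashSet<>();
        for (String o : configured.split(",")) {
            if (!o.trim().isEmpty()) {
                origins.add(o.trim());
            }
        }
        return origins;
    }

    /**
     * Returns the status this model would produce for one request.
     * Assumption: a request with no Origin header is not treated as CORS
     * and is passed through (modelled here as 200).
     */
    static int decide(String allowedOriginsValue, String originHeader) {
        if (originHeader == null) {
            return 200; // non-CORS request: the origin list is never consulted
        }
        Set<String> allowed = parseOrigins(allowedOriginsValue);
        boolean anyOrigin = allowed.contains("*");
        // An empty list matches nothing, so every request with an Origin is refused.
        return (anyOrigin || allowed.contains(originHeader)) ? 200 : 403;
    }

    public static void main(String[] args) {
        String origin = "https://devportal.vu.edu.au"; // origin taken from the DEBUG log
        // XML default (empty), class default ("*"), explicit allow-list entry
        String[] configs = { "", "*", origin };
        for (String cfg : configs) {
            System.out.printf("allowedOrigins=%-32s with Origin -> %d, without Origin -> %d%n",
                    "\"" + cfg + "\"", decide(cfg, origin), decide(cfg, null));
        }
    }
}
```

Of the three values, the explicit origin (with protocol, as the XML comment asks) is the narrowest setting that still lets the logged request through, which matters because supportsCredentials defaults to true in the same bean.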
