CSRF Security Errors

Problem

When running on Tomcat 7, every request from the Escenic Community Expansion is rejected as a potential CSRF (cross-site request forgery) attack, resulting in this session error message:

A request has been denied as a potential CSRF attack

Solution

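In Tomcat 7 the useHttpOnly option is set to true by default, and this setting is not supported by the Escenic Community Expansion's qualification module. To fix the problem, edit context.xml in your Tomcat installation's conf directory and set useHttpOnly to false. With this setting, Tomcat no longer adds the HttpOnly flag to the session cookie, so the cookie becomes readable by client-side script: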

<Context useHttpOnly="false">