[Geoserver-devel] [JIRA] (GEOS-9353) Geoserver 2.15.3/2.16.0 wicket tabs give status 400 – Bad Request Origin does not correspond to request

GeoServer GeoServer Developer
1

Stefan Overkamp created an issue

GeoServer / BugGEOS-9353

Geoserver 2.15.3/2.16.0 wicket tabs give status 400 – Bad Request Origin does not correspond to request

Issue Type:

BugBug

Affects Versions:

2.15.3, 2.16.0

Assignee:

Unassigned

Created:

01/Oct/19 3:32 PM

Environment:

Docker tomcat:9-jre11

Priority:

HighHigh

Reporter:

Stefan Overkamp

I upgraded our Docker based geoserver installation from Geoserver 2.15.2 to 2.16.0 or 2.15.3.
All starts fine.
When accessing the StatusPage switching to Modules gives
HTTP Status 400 – Bad Request - “Origin does not correspond to request”
The url of the modules tab is:
/geoserver/web/wicket/bookmarkable/org.geoserver.web.admin.StatusPage?4-1.IBehaviorListener.0-tabs-tabs~container-tabs-1-link&_=1569935811364

We are behind a reverse proxy and configured the proxy url in the global settings.
Acessing the geoserver instance without reverse proxy gives no error and shows the modules tab.

Same problem occurs on other tabs e.g. in the styles page.

Adding csrf whitelist was no solution
<context-param>
<param-name>GEOSERVER_CSRF_WHITELIST</param-name>
<param-value>geodaten.metropoleruhr.de</param-value>
</context-param>

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS

This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100111-sha1:5bdb5ce)

Atlassian logo