On 18/01/2013 12:01, Tim Watts wrote:
> On 18/01/13 11:45, Mark Thomas wrote:
>> On 18/01/2013 11:07, Tim Watts wrote:
>>> Anyone?
>>
>
> Hi Mark,
>
>> Tomcat doesn't give two hoots about the origin header.
>
> Curious - I wonder how me editing it helped? Unless it caused some
> knockon somewher
On 18/01/13 11:45, Mark Thomas wrote:
On 18/01/2013 11:07, Tim Watts wrote:
Anyone?
Hi Mark,
Tomcat doesn't give two hoots about the origin header.
Curious - I wonder how me editing it helped? Unless it caused some
knockon somewhere.
It does care
about the Host header.
That would m
On 18/01/13 11:27, André Warnier wrote:
I don't know if this really helps or improves things, but the standard way of
handling the
Location in redirects is via the ProxyPassReverse directive (which is probably
more
efficient here - and more easily understood - than the Header-edit).
The ProxyP
On 18/01/2013 11:07, Tim Watts wrote:
> Anyone?
Tomcat doesn't give two hoots about the origin header. It does care
about the Host header.
It is hard to tell exactly what is going wrong from your post but you
may need one or more of the following:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.h
Tim Watts wrote:
Anyone?
On 14/01/13 17:24, Watts, Timothy wrote:
Hi,
Is there a way to *tell* j_security_check that an Origin: header set
(during the login POST request) to a remote server is permitted (and is
not an XSS attack)?
We have a tomcat server T running a tomcat webapp that us
Anyone?
On 14/01/13 17:24, Watts, Timothy wrote:
Hi,
Is there a way to *tell* j_security_check that an Origin: header set
(during the login POST request) to a remote server is permitted (and is
not an XSS attack)?
We have a tomcat server T running a tomcat webapp that uses
j_security_chec
Hi,
Is there a way to *tell* j_security_check that an Origin: header set
(during the login POST request) to a remote server is permitted (and is
not an XSS attack)?
We have a tomcat server T running a tomcat webapp that uses
j_security_check to auth users
(Excuse me - I am not the tom
