最近换到了tomcat7,运行代码的时候发现问题了,
控制台所有的dwr请求都变成了:“A request has been denied as a potential CSRF attack”
所有的都不能访问,提示跨域访问问题,然后换回tomcat6,发现每一点问题,
网上查了半天,发现时dwr的问题
解决办法如下:
修改web.xml的dwr配置,:
[xhtml] view plain copy
- <listener>
- <listener-class>
- org.directwebremoting.servlet.EfficientShutdownServletContextListener
- </listener-class>
- </listener>
- <display-name>DWR (Direct Web Remoting)</display-name>
- <description>A Simple Demo DWR</description>
- <servlet>
- <servlet-name>dwr-invoker</servlet-name>
- <servlet-class>
- org.directwebremoting.servlet.DwrServlet
- </servlet-class>
- <!-- This should NEVER be present in live -->
- <init-param>
- <param-name>debug</param-name>
- <param-value>true</param-value>
- </init-param>
- <!-- Remove this unless you want to use active reverse ajax -->
- <init-param>
- <param-name>activeReverseAjaxEnabled</param-name>
- <param-value>true</param-value>
- </init-param>
- <!-- By default DWR creates application scope objects when they are first
- used. This creates them when the app-server is started -->
- <init-param>
- <param-name>
- initApplicationScopeCreatorsAtStartup
- </param-name>
- <param-value>true</param-value>
- </init-param>
- <!-- This enables full streaming mode. It's probably better to leave this
- out if you are running across the internet -->
- <init-param>
- <param-name>maxWaitAfterWrite</param-name>
- <param-value>-1</param-value>
- </init-param>
- <!--
- For more information on these parameters, see:
- - http://getahead/dwr/server/servlet
- - http://getahead/dwr/reverse-ajax/configuration
- -->
- <!-- 新加corssDomainSessionSecurity参数 -->
- <init-param>
- <param-name>crossDomainSessionSecurity</param-name>
- <param-value>false</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>dwr-invoker</servlet-name>
- <url-pattern>/dwr/*</url-pattern>
- </servlet-mapping>
- <session-config>
- <session-timeout>3000</session-timeout>
- </session-config>
- <welcome-file-list>
- <welcome-file>brandlogin.html</welcome-file>
- </welcome-file-list>
其中最主要的地方是:
[xhtml] view plain copy
- <init-param>
- <param-name>crossDomainSessionSecurity</param-name>
- <param-value>false</param-value>
- </init-param>
改完之后,重新运行了下,发现一切ok,但是网上还有一个提示,dwr的引用必须进行修改
改成如下的方式:
[xhtml] view plain copy
- <mce:script type='text/javascript' src="dwr/engine.js" mce_src="dwr/engine.js"></mce:script>
- <mce:script type='text/javascript' src="dwr/util.js" mce_src="dwr/util.js"></mce:script>
更多推荐
tomcat7:dwr下A request has been denied as a potential CSRF attack.
发布评论