Predictions Application Error


Roger

Nov 4, 2014, 12:55:15 AM
to web4j...@googlegroups.com
I was trying to set up the Predictions app. The site is up and running locally. I tried to register but ran into this error in the log:

CSRF token does not match the expected value. Rejecting this request, since it is likely an attack.


On the web page, I saw this error:

Problem Detected

A problem with the underlying HTTP request has been detected.
Possible problems include :

the request URL has an unexpected form
the request URL violates a data ownership constraint
the request includes spam
the request has an unexpectedly large size
the request includes an unexpected request parameter
the request uses a 'GET', and should use a 'POST' instead


My register login entry does not look like an attack to me:
Login name: FirstUser
Screen name: FirstScreen
Email: an email address that is in proper format
Password: password
Confirm: same as above
Type the correct captcha. Captcha is up and running on the web page.

I tried to keep the registration entry as simple as possible. What else can be missing?

Thanks,

Roger



John O'Hanley

Nov 4, 2014, 8:38:24 AM
to web4j...@googlegroups.com
Hi Roger,

You're correct, it's not an attack. But something is wrong with the incoming POST that's not correct, and makes the request unacceptable to the mechanism that validates incoming requests.

Have you followed all of the setup instructions, including the captcha configuration in web.xml?:
http://www.web4j.com/GettingStartedGuide.jsp#Recaptcha
That is the main suspect.

If the captcha config is ok, then are you doing anything odd anywhere? Have you deviated from the recommended setup?

If you view-source with the form, do you see the CSRF token inside the form as a hidden parameter, like this?:
<input type='hidden' name='web4j_key_for_form_source_id' value='151jdk65654dasdf545sadf6a5s4f'>

Are you waiting a long time before POSTing the form during registration?


The CSRF mechanism is described here. It's one of the more complicated parts of web4j. My guess is that your error is occurring as a side-effect of some other error.
http://www.web4j.com/UserGuide.jsp#CSRF


- John
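
The view-source check described in the reply above can be scripted. This is an added example, not part of the thread or of web4j: the sample HTML, form actions and token value are constructed, and only the hidden field name is taken from the post. It covers the missing-token case only, not a token that has gone stale after a long wait.

```python
from html.parser import HTMLParser

# Hidden field name as quoted in the reply above.
TOKEN_FIELD = "web4j_key_for_form_source_id"

class FormTokenAudit(HTMLParser):
    """Record, for each <form>, its method and the hidden token value (if any)."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None  # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "token": None}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            hidden = (a.get("type") or "").lower() == "hidden"
            if hidden and a.get("name") == TOKEN_FIELD:
                self._current["token"] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(html):
    """Return (action, verdict) for every POST form in the page source."""
    parser = FormTokenAudit()
    parser.feed(html)
    parser.close()
    verdicts = []
    for form in parser.forms:
        if form["method"] != "post":
            continue  # only POSTed forms are expected to carry the token
        token = form["token"]
        verdict = "missing" if token is None else ("present" if token else "empty")
        verdicts.append((form["action"], verdict))
    return verdicts

# Constructed page source: actions and token value are placeholders.
SAMPLE = """
<form action='/search' method='get'><input type='text' name='q'></form>
<form action='/register' method='POST'>
  <input type='hidden' name='web4j_key_for_form_source_id' value='CONSTRUCTED-TOKEN'>
</form>
<form action='/login' method='post'><input type='password' name='pw'></form>
<form action='/contact' method='post'>
  <input type='hidden' name='web4j_key_for_form_source_id' value=''/></form>
"""

if __name__ == "__main__":
    for action, verdict in audit(SAMPLE):
        print(f"{action}: token {verdict}")
```
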

Roger

Nov 4, 2014, 11:01:42 PM
to web4j...@googlegroups.com
Confirmed there was a side effect of another error. I fixed it and was able to register a new user.

But I was not able to log in. The page kept displaying "Please try again" after I clicked the login button. I tried several times but the log did not print out anything. I also tried the default user 'testeD' with 'testtest' password. That did not work either.

I used PostgreSQL instead of the default MySQL. Not sure if that might have caused the problem.

Thanks,

Roger