CSRF Security Alert When Accessing The Application

(Doc ID 1383075.1)

Last updated on NOVEMBER 10, 2016

Applies to:

Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.

Symptoms

When the user trying to access the some functionality of the applicaiton, which actually calls the other applicaiton runnning on diffrent server ( Bussiness Objects Server) to generate reports. It prompts up a window which shows as "potential CSRF attack"

In the logs we can see the respective error message

####<Oct 28, 2011 3:17:28 PM EST> <Error> <mx:BaseCallMarshaller> <tcsauslt454> <mxnode1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <132740> <> <> <1319775448744> <BEA-000000> <A request has been denied as a potential CSRF attack.>
####<Oct 28, 2011 3:17:28 PM EST> <Error> <mx:BaseCallMarshaller> <tcsauslt454> <mxnode1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <132740> <> <> <1319775448747> <BEA-000000> <A request has been denied as a potential CSRF attack.>

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms