Cross-Site Forgery Token (CSRF) prohibits access to debug page (Doc ID 1477269.1)

Last updated on MAY 16, 2017

Applies to:

Oracle Waveset - Version 8.1.1.5 and later
Information in this document applies to any platform.
***Checked for relevance on 30-Dec-2013***

Goal

The purpose of this knowledge article is to inform customers that 2 known issues exist in Oracle Waveset 8.1.1.5, 8.1.1.6, and 8.1.1.7 related to the Cross-Site Forgery Token setting defined in the System Configuration object:

    <Attribute name='csrfGuardToken'>
      <Object>
        <Attribute name='enable'>
          <Boolean>true</Boolean>
        </Attribute>

If 'csrfGuardToken' is set to 'true', the following error message appears when accessing the IdM debug page or trying to save a trace setting:

Security Violation: Incoming HttpServletRequest considered invalid by CSRFGUARD from address: xxx.xx.xx.xx

The known issues are:

1. Bug 14331259 - CSRF error when specifying debug path - only occurs in Internet Explorer.

2. Bug 14255992 - CSRF error when trying to save trace.


Solution
