Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Rejected referrer header for POST request

Avatar

Former Community Member
10/15/15 7:27:27 PM

Hi,

We are developing some smart TV apps where we are allowing users to login to CQ. We seem to get this error over https but not http. We have tried providing host in allow.host and allow.empty is set to true. Do i need to raise a daycare for this?

01.10.2014 11:00:55.196 *INFO* [192.168.130.21 [1412114455196] POST /api/content/custom/lsjdlfjlx/login/j_custom_security_check?j_validate=true HTTP/1.1] org.apache.sling.security.impl.ReferrerFilter Rejected referrer header for POST request to /api/content/custom/lsjdlfjlx/login/j_custom_security_check : file:///dtv/usb/sda1/Build_v1.2_SEP29/index.html?country=custom&samsung_country=custom&language=17&lang=en-GB&modelid=13_X12&server=operation&remocon=0_650_259_0&area=ASIA_DTV&product=0&mgrver=5.2841&totalMemory=1524629504&direct=true&webbrowser=true&sourcetype=0&preload=false&pia=false

Any help is appreciated.

Thanks.

Views

6.1K

Replies

5

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
10/15/15 7:27:27 PM

Very interesting problem...

If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

Justin 

View solution in original post

Views

4.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Correct answer by
Employee
Employee
10/15/15 7:27:27 PM

Very interesting problem...

If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

Justin 

Views

4.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Former Community Member
10/15/15 7:27:27 PM

justin_at_adobe wrote...

Very interesting problem...

If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

Justin 

 

Thanks Justin,

I have 1.0.4 i was going through source code of 1.6 though. I will raise a day care ticket for it.

Thanks for the update.

Views

4.2K

Replies

0

Total Likes

Translate
Translate

Avatar

Employee
Employee
10/15/15 7:27:27 PM

kumarlal123 wrote...

justin_at_adobe wrote...

Very interesting problem...

If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

Justin 

 

Thanks Justin,

I have 1.0.4 i was going through source code of 1.6 though. I will raise a day care ticket for it.

Thanks for the update.

 

FWIW, the actual Sling issue is this one: https://issues.apache.org/jira/browse/SLING-2870

Views

4.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
10/15/15 7:27:27 PM

I also created https://issues.apache.org/jira/browse/SLING-3982 to provide a more intuitive solution, but I think the regex is good enough for now.

Views

4.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
9/24/18 4:34:49 AM

Hi Justin,

I'm facing issue in uploading the java bundles in felix console.

whenever I'm trying to upload a bundle , my browser is not responding for some time and after that  its throws http 405 error.

I tried uploading lower size bundles ,still getting same error.

I'm using 6.1.

this is what its logged in log....

*INFO* [qtp138786950-155] org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /system/console/bundles

please help

Views

4.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Redirects do not work with x-aem-client-country header

Views

50

Likes

0

Replies

1
Getting 406 Not Acceptable error code for below API request

Views

115

Likes

0

Replies

3
Minifying not working for Cloud environments

Views

106

Likes

0

Replies

3
how to set up cache invalidation on webserver for multiple domain

Views

119

Likes

0

Replies

4
How to write junit for the below code

Views

110

Likes

0

Replies

2