Rejected referrer header for POST request | Community
Skip to main content
A
Anonymous
October 16, 2015
Solved

Rejected referrer header for POST request

  • October 16, 2015
  • 5 replies
  • 6994 views

Hi,

We are developing some smart TV apps where we are allowing users to login to CQ. We seem to get this error over https but not http. We have tried providing host in allow.host and allow.empty is set to true. Do i need to raise a daycare for this?

01.10.2014 11:00:55.196 *INFO* [192.168.130.21 [1412114455196] POST /api/content/custom/lsjdlfjlx/login/j_custom_security_check?j_validate=true HTTP/1.1] org.apache.sling.security.impl.ReferrerFilter Rejected referrer header for POST request to /api/content/custom/lsjdlfjlx/login/j_custom_security_check : file:///dtv/usb/sda1/Build_v1.2_SEP29/index.html?country=custom&samsung_country=custom&language=17&lang=en-GB&modelid=13_X12&server=operation&remocon=0_650_259_0&area=ASIA_DTV&product=0&mgrver=5.2841&totalMemory=1524629504&direct=true&webbrowser=true&sourcetype=0&preload=false&pia=false

Any help is appreciated.

Thanks.

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by JustinEd3

    Very interesting problem...

    If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

    If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

    Justin 

    5 replies

    J
    Adobe Employee
    JustinEd3Adobe EmployeeAccepted solution
    Adobe Employee
    October 16, 2015

    Very interesting problem...

    If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

    If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

    Justin 

    A
    Anonymous
    October 16, 2015

    justin_at_adobe wrote...

    Very interesting problem...

    If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

    If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

    Justin 

     

    Thanks Justin,

    I have 1.0.4 i was going through source code of 1.6 though. I will raise a day care ticket for it.

    Thanks for the update.

    J
    Adobe Employee
    JustinEd3Adobe Employee
    Adobe Employee
    October 16, 2015

    kumarlal123 wrote...

    justin_at_adobe wrote...

    Very interesting problem...

    If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

    If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

    Justin 

     

    Thanks Justin,

    I have 1.0.4 i was going through source code of 1.6 though. I will raise a day care ticket for it.

    Thanks for the update.

     

    FWIW, the actual Sling issue is this one: https://issues.apache.org/jira/browse/SLING-2870

    J
    Adobe Employee
    JustinEd3Adobe Employee
    Adobe Employee
    October 16, 2015

    I also created https://issues.apache.org/jira/browse/SLING-3982 to provide a more intuitive solution, but I think the regex is good enough for now.

    V
    vineetp40789287
    September 24, 2018

    Hi Justin,

    I'm facing issue in uploading the java bundles in felix console.

    whenever I'm trying to upload a bundle , my browser is not responding for some time and after that  its throws http 405 error.

    I tried uploading lower size bundles ,still getting same error.

    I'm using 6.1.

    this is what its logged in log....

    *INFO* [qtp138786950-155] org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /system/console/bundles

    please help

    Terms & ConditionsAccessibility statement

    Loading footer...