SOLVED

Rejected referrer header for POST request

Former Community Member

Hi,

We are developing some smart TV apps where we are allowing users to log in to CQ. We seem to get this error over https but not http. We have tried providing the host in allow.host, and allow.empty is set to true. Do I need to raise a DayCare for this?

01.10.2014 11:00:55.196 *INFO* [192.168.130.21 [1412114455196] POST /api/content/custom/lsjdlfjlx/login/j_custom_security_check?j_validate=true HTTP/1.1] org.apache.sling.security.impl.ReferrerFilter Rejected referrer header for POST request to /api/content/custom/lsjdlfjlx/login/j_custom_security_check : file:///dtv/usb/sda1/Build_v1.2_SEP29/index.html?country=custom&samsung_country=custom&language=17&lang=en-GB&modelid=13_X12&server=operation&remocon=0_650_259_0&area=ASIA_DTV&product=0&mgrver=5.2841&totalMemory=1524629504&direct=true&webbrowser=true&sourcetype=0&preload=false&pia=false

Any help is appreciated.

Thanks.

1 Accepted Solution

Correct answer by
Employee

Very interesting problem...

If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

Justin 
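
Added example, not part of the original thread and not Sling's own code: a small Python check for trying allow.hosts.regexp values against sample Referer headers before changing the OSGi configuration. It assumes the filter reduces the referrer to scheme://host:port (port 0 when the scheme has no default, which is what the value file://:0 above implies) and requires the whole string to match; the function names and sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: default ports filled in per scheme, 0 for anything else.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Shortened from the log line in the question (query string trimmed).
TV_REFERRER = "file:///dtv/usb/sda1/Build_v1.2_SEP29/index.html?country=custom&lang=en-GB"


def normalize_referrer(referrer):
    """Reduce a Referer value to scheme://host:port (assumed filter behaviour)."""
    parts = urlsplit(referrer)
    if not parts.scheme:
        return None  # relative or malformed value: nothing to compare
    host = parts.hostname or ""  # file:/// URLs carry no host
    port = parts.port or DEFAULT_PORTS.get(parts.scheme, 0)
    return f"{parts.scheme}://{host}:{port}"


def is_allowed(referrer, patterns, allow_empty=False):
    """True if the normalized referrer fully matches any configured regexp."""
    if not referrer:
        return allow_empty  # mirrors the allow.empty switch
    normalized = normalize_referrer(referrer)
    if normalized is None:
        return False
    return any(re.fullmatch(p, normalized) for p in patterns)


def audit(patterns, referrers, allow_empty=False):
    """Map each sample referrer to the decision the patterns would produce."""
    return {r: is_allowed(r, patterns, allow_empty) for r in referrers}


if __name__ == "__main__":
    samples = [
        TV_REFERRER,
        "file:///tmp/other-page.html",     # constructed: a different local page
        "https://cms.example.com/login",   # constructed: hypothetical web origin
        "",                                # no Referer header sent
    ]
    for ref, ok in audit(["file://:0"], samples).items():
        print(f"{'ALLOW' if ok else 'REJECT':6} {ref or '<empty>'}")
```

Under that assumption the path is discarded before matching, so file://:0 admits every page loaded from a file:// URL, not only the TV app's index.html; the referrer check then no longer distinguishes the app from any other local page.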

5 Replies

Former Community Member

justin_at_adobe wrote...

Very interesting problem...

If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

Justin 

 

Thanks Justin,

I have 1.0.4; I was going through the source code of 1.6 though. I will raise a DayCare ticket for it.

Thanks for the update.

Employee

kumarlal123 wrote...

justin_at_adobe wrote...

Very interesting problem...

If you have version 1.0.6 of the Sling Security bundle (org.apache.sling.security), you can solve this by using the allow.hosts.regexp configuration property. Set this value (or one of its values, as it is a multi-valued configuration property) to file://:0.

If you do not have this version of the bundle, I would suggest filing a DayCare issue to get a HotFix containing the updated bundle.

Justin 

 

Thanks Justin,

I have 1.0.4; I was going through the source code of 1.6 though. I will raise a DayCare ticket for it.

Thanks for the update.

 

FWIW, the actual Sling issue is this one: https://issues.apache.org/jira/browse/SLING-2870

Employee

I also created https://issues.apache.org/jira/browse/SLING-3982 to provide a more intuitive solution, but I think the regex is good enough for now.

Level 2

Hi Justin,

I'm facing an issue uploading Java bundles in the Felix console.

Whenever I try to upload a bundle, my browser stops responding for some time and after that it throws an HTTP 405 error.

I tried uploading smaller bundles, but I'm still getting the same error.

I'm using 6.1.

This is what is logged in the log:

*INFO* [qtp138786950-155] org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /system/console/bundles

Please help.