Re: Weird CSRF prevention behavior

2023-12-20 Thread Christopher Schultz
Konstantin, On 12/20/23 12:10, Konstantin Kolinko wrote: Fri, 1 Dec 2023 at 23:27, Christopher Schultz : [...] I build-from-source and launch my custom-build Tomcat with my application in it. No logging. Oh, right... logging.properties. So I add this to my conf/logging.properties file: org

Re: Weird CSRF prevention behavior

2023-12-20 Thread Konstantin Kolinko
Fri, 1 Dec 2023 at 23:27, Christopher Schultz : > > [...] > > I build-from-source and launch my custom-build Tomcat with my > application in it. No logging. Oh, right... logging.properties. So I add > this to my conf/logging.properties file: > > org.apache.catalina.filters.CsrfPreventionFilter.le

RE: Weird CSRF prevention behavior

2023-12-12 Thread Berneburg, Cris J. - US
Chris CS> HTTP POST should not be prohibited unless I'm reading CS> both the code and the CSRF specs incorrectly. cjb> Pretend that it does. How would you solve that? CS> You have to manually add the CSRF token in each CS> in a hidden FORM parameter. It's doable, but it sucks to CS> have to do

Re: Weird CSRF prevention behavior

2023-12-11 Thread Christopher Schultz
Cris, On 12/11/23 12:48, Berneburg, Cris J. - US wrote: Hi Chris Any ideas? About EITHER issue? Ping. Any ideas? Yeah, and hopefully you won't gag too much. :-P [SNIP] My application is using log4j2, but that library is only used by the application and the JAR file is in WEB-INF/lib/. I w

RE: Weird CSRF prevention behavior

2023-12-11 Thread Berneburg, Cris J. - US
Hi Chris > Any ideas? About EITHER issue? > Ping. Any ideas? Yeah, and hopefully you won't gag too much. :-P [SNIP] > My application is using log4j2, but that library is only used by the > application > and the JAR file is in WEB-INF/lib/. I wouldn't expect that it would interfere > with serve

Re: Weird CSRF prevention behavior

2023-12-05 Thread Christopher Schultz
All, Ping. Any ideas? -chris On 12/1/23 15:26, Christopher Schultz wrote: All, I'm experimenting with the CsrfPreventionFilter in Tomcat 8.5. I've had issues with it in the past so I haven't actually enabled it in any of my applications, but I'm sufficiently motivated at this point to get i

Re: Weird CSRF prevention behavior

2023-12-04 Thread Christopher Schultz
Lasse, On 12/1/23 15:45, Lasse Lindqvist wrote: Well, one thing that could be wrong is that Log4j2 does not have FINE or FINEST levels. It does have TRACE. If that does not fix things, you could always change your log.trace to log.error if you only care about debugging the original issue. I'm

Re: Weird CSRF prevention behavior

2023-12-01 Thread Lasse Lindqvist
Well, one thing that could be wrong is that Log4j2 does not have FINE or FINEST levels. It does have TRACE. If that does not fix things, you could always change your log.trace to log.error if you only care about debugging the original issue. Fri, 1 Dec 2023 at 22:28, Christopher Schultz ( ch..