how can we download version 3.3.2 or 4.0.0 snapshots? On Thu, Sep 21, 2017 at 10:11 AM, Maxim Solodovnik <[email protected]> wrote:
> In case of CSRF you should have the record in the logs CSRF was violated > Is it the case? > > On Thu, Sep 21, 2017 at 3:56 AM, Coscend@OM <[email protected]> > wrote: > >> Dear OpenMeetings Users, >> >> >> >> We would appreciate any vectors to resolve the following issue: >> >> >> >> We successfully installed, configured, logged in OM 3.3.2 Snapshot >> >> 1. Internally, i.e., http://IP:port/openmeetings >> >> 2. Externally, i.e., http://<our.FQDN.name>:port/openmeetings >> >> OM logs have a line: >> >> DEBUG 09-20 14:45:14.219 221956 388 o.a.o.w.a.Application >> [105-6083-exec-2] - Adding online client: >> 63e8a860-65c6-4687-a7e0-ca435ca21ec6, >> room: null >> >> >> >> ISSUE >> >> -------- >> >> However, we are unable to login to OM 3.3.2 Snapshot via Proxy server. >> When we click on submit username/password, it reloads the login page. >> >> OM logs are MISSING this line: “Adding online client:…” >> >> >> >> >> >> QUESTIONS >> >> -------- >> >> >> >> 1. What has changed between OM 3.3.2 and 3.3.0 that does not POST >> login credentials? Anything to do with Session variables and session >> request handlers? >> >> 2. We have used the proxy server settings that are working perfectly >> with OM 3.3.0 in which CSRF and CSP, XSS were introduced. >> >> Alteametasoft Demo server: What additional proxy settings needed to be >> added to Apache Web server to enable OM 3.3.2? >> >> >> >> Source of proxy server settings: >> >> i) CSRF: http://markmail.org/message/o4szinpxt4e2tzch >> >> ii) Proxy logging: http://markmail.org/message/mf >> t3m5bdjeqxwicw >> >> >> >> Thank you. >> >> >> >> Sincerely, >> >> >> >> Hemant K. Sabat >> >> >> >> Coscend Communications Solutions >> >> www.Coscend.com <http://www.coscend.com/> >> >> ------------------------------------------------------------------ >> >> *Real-time, Interactive Video Collaboration, Tele-healthcare, >> Tele-education, Telepresence Services, on the fly…* >> >> ------------------------------------------------------------------ >> >> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail >> Messages from Coscend Communications Solutions' posted at: >> http://www.Coscend.com/Terms_and_Conditions.html >> <http://www.coscend.com/Terms_and_Conditions.html> >> >> >> >> >> >> >> >> >> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> >> Virus-free. >> www.avg.com >> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> >> <#m_3427411054342320803_m_-3774582028157409911_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >> > > > > -- > WBR > Maxim aka solomax >
