internet explorer 11 - Play 2.4 (Java) : posting a form returns Unauthorized in IE11, works in Chrome -


i migrated play 2.4.6 activator 1.3.7.

i have secured controller that's handling form. form submission works in chrome, in ie11, http post result 403 code (unauthorized). don't understand why happening. intermittent problem : same user connected, post works, doesn't. other posts application (on other page) work ok. can ?

i use action composition authorization , automatic csrf filters play provides, have worked under play 2.3. work play 2.4.6 in chrome, have followed steps of csrf configuration ... need make work in ie because of user base.

here controller :

@play.mvc.security.authenticated(secured.class) @authorize(minlevel=permissionlevel.vendor) public class soumrapideflexible extends controller { ...   public static result save(){           form<soumflex> boundform = soumflexform.bindfromrequest();      if(boundform.haserrors()){                   return badrequest(page.render(boundform));     }     ... // else stuff soumflex object   } }

and here form, stripped down essential:

@(myform: form[soumflex]) @import helper._ <!doctype html> <html> <head>                                   <script data-main="@routes.assets.versioned("javascripts/main_soumflex")"  src="@routes.assets.versioned("lib/requirejs/require.js")"></script>               </head> <body>     @form(routes.soumrapideflexible.save(), 'class -> "form-horizontal") {         @csrf.formfield          <div class="form-group">             <label class="col-md-2 control-label" for="inputprojet">projet</label>             <div class="col-md-4">             <input type="text" class="form-control" id="inputprojet" name="inputprojet" placeholder="nom du projet" required>             </div>         </div>         //... , many other form fields in similar fashion...          <input type="submit" class="btn btn-primary" id="soumettresoum" value="save">                        </div> <!-- resumesoum -->     }    </div>                                </body> </html>

it if user credentials lost or csrf token not right... has idea why i'd have such behavior in ie11? please help.

first used this implementation of global csrf filter gave me problem outlined above.

then tried this implementation (replacing gzip csrf) , problem seems have disappeared ! think having final property did trick.


Comments

Post a Comment

Popular posts from this blog

authentication - Mongodb revoke acccess to connect test database -

i have ec2 instance mongodb 3.2.0 installed. have user admin access. can connect user , perform operation remotely. 1 can connect database test remote if knows ip mongo 11.11.11.11. although not able make operations, want restrict access user credentials can connect server. first need create users , grant roles users, example: use admin db.createuser( { user: "myuseradmin", pwd: "abc123", roles: [ { role: "useradminanydatabase", db: "admin" } ] } ) then need start server --auth parameter mongod --auth more information here
Read more

r - Update two sets of radiobuttons reactively - shiny -

i have read ( how make choices in radiobuttons reactive in shiny? ) shows me how update radiobutton s in reactive way. however, when try , update 2 sets of buttons same data, 1 set renders. example: server: # create example data wafer <- rep(c(1:3), each=3) length <- c(1,1,2,1,1,1,3,5,1) width <- c(3,1,6,1,1,1,1,1,6) dd <- data.frame(wafer, length, width) shinyserver(function(input, output, session){ # create reactive dataframe store data values <- reactivevalues() values$df <- data.frame() # lengths , widths of wafer user input <- eventreactive(input$do, { subset(dd, wafer %in% input$wafer, select = length:width) }) # update reactive data frame lengths , widths have been selected user input observe({ if(!is.null(a())) { values$df <- rbind(isolate(values$df), a()) } }) output$wl <- renderdatatable({ a() }) # update radio buttons unique length , widths stored in values$df # ever "observe" put first in co...
Read more

ios - Realm over CoreData should I use NSFetchedResultController or a Dictionary? -

i'm working on app using core data , nsfetchedresultcontroller many reasons switch use realm. saw there "realm version" of nsfetchedresultcontroller on github wouldn't compatible current code using core data. the view controller displaying list of people same school, address book. list sublist of people studied in same city. so thinking make 1 unique request database retrieve list of people , filter locally list within 1 dictionary per school [string: anyobject] string section name within tableview , anyobject array of people. first solution, make nsfetchedresultcontroller each school predicate filtering location. delete actions etc.. handled delegates -> not compatible realm create dictionaries , update them each actions... -> works realm it's annoying code. any better solution? edit: i need clarify request: i'd write class inherit uitableviewcontroller. this class has list of people sorted in alphabetical order the tableview has ...
Read more