[WICKET-4841] Return error code 400 when an Ajax request has no base url set in header/request parameters. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.8
Fix Version/s: 1.5.9, 6.3.0
Component/s: wicket
Labels:
None

Description

Hello,

currently we've got a problem with faked ajax requests. these ajax
requests misses some parameters, but the wicket-ajax header flag is set.
So ServletWebRequest throws an exception:

java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)

These faked requests are so massive, that our application is no longer
monitorable. Our workaround rejects these requests via apache config.

Instead of logging an exception, in deployment mode wicket should log a warning and reject the request

Attachments

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: Jan Riehn

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Oct/12 16:13

Updated:: 05/Nov/12 09:29

Resolved:: 05/Nov/12 09:29