A set of property files helps JasperReports Server prevent Cross-Site Request Forgery (CSRF). These key files are described in the JasperReports Server Administrator Guide.
One of these property files refers to the JasperReports Server “webapp name”. Currently this file is not automatically updated by the installation procedure. The location of this file is:
<appserver-path>/jasperserver/WEB-INF/esapi/Owasp.CsrfGuard.properties
If you change the name of your webapp from the default (jasperserver), you also need to manually update the Owasp.CsrfGuard.properties file.
So if you modify your default.master.properties like so:
# webAppNamePro = jasperserver
webAppNamePro = jasperserver-inst2
And then do an installation (using the js-install-ce.sh scripts), you'll need to edit Owasp.CsrfGuard.properties like so:
Change:
org.owasp.csrfguard.NewTokenLandingPage=/jasperserver/login.html
org.owasp.csrfguard.action.Redirect.Page=/jasperserver/login.html
To:
org.owasp.csrfguard.NewTokenLandingPage=/jasperserver-inst2/login.html
org.owasp.csrfguard.action.Redirect.Page=/jasperserver-inst2/login.html
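The manual edit above can be scripted so that a renamed webapp never ships with stale CSRF redirect paths. The following is an added example, not part of JasperReports Server or its installer; the function names are hypothetical, and it assumes the two entries are written as key=/webapp/login.html with no spaces around the equals sign, as shown on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical, the two keys are from this page.
# Assumes entries are written as key=/webapp/login.html with no spaces around "=".
KEYS='org.owasp.csrfguard.NewTokenLandingPage org.owasp.csrfguard.action.Redirect.Page'

# csrfguard_check FILE WEBAPP: return 0 only if both keys equal /WEBAPP/login.html.
csrfguard_check() {
    file=$1 webapp=$2 rc=0
    for key in $KEYS; do
        if ! grep -Fqx "$key=/$webapp/login.html" "$file"; then
            echo "MISMATCH: $key should be /$webapp/login.html" >&2
            rc=1
        fi
    done
    return $rc
}

# csrfguard_fix FILE WEBAPP: rewrite the context path of both keys, keep FILE.bak.
csrfguard_fix() {
    file=$1 webapp=$2
    # Refuse names that could break the sed expression or the resulting URL path.
    case $webapp in
        ''|*[!A-Za-z0-9._-]*) echo "invalid webapp name: $webapp" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    for key in $KEYS; do
        k=$(printf '%s' "$key" | sed 's/\./\\./g')   # escape dots for the regex
        sed "s|^\($k=\)/[^/]*/|\1/$webapp/|" "$file" > "$file.tmp" || return 1
        # Write back in place so the original file's owner and mode are kept.
        cat "$file.tmp" > "$file" && rm -f "$file.tmp"
    done
}

# Demo on a constructed sample file (not a real installation).
demo_dir=$(mktemp -d)
demo_file=$demo_dir/Owasp.CsrfGuard.properties
printf '%s\n' \
    'org.owasp.csrfguard.NewTokenLandingPage=/jasperserver/login.html' \
    'org.owasp.csrfguard.action.Redirect.Page=/jasperserver/login.html' > "$demo_file"
csrfguard_check "$demo_file" jasperserver-inst2 2>/dev/null || echo "stale paths found"
csrfguard_fix "$demo_file" jasperserver-inst2
csrfguard_check "$demo_file" jasperserver-inst2 && echo "paths match webapp name"
rm -rf "$demo_dir"
```

Running csrfguard_check as a post-install step against <appserver-path>/<webapp name>/WEB-INF/esapi/Owasp.CsrfGuard.properties catches the mismatch before users hit a redirect to the old /jasperserver/login.html path.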