A set of property files helps JasperReports® Server prevent Cross-Site Request Forgery (CSRF). These key files are described in the JasperReports® Server Administrator Guide.
One of these property files refers to the JasperReports® Server “webapp name”. Currently this file is not automatically updated by the installation procedure. The location of this file is:
<appserver-path>/jasperserver/WEB-INF/esapi/Owasp.CsrfGuard.properties
If you change the name of your webapp from the default (jasperserver), you also need to manually update the Owasp.CsrfGuard.properties file.
So if you modify your default.master.properties like so:
# webAppNamePro = jasperserver
webAppNamePro = jasperserver-inst2
and then run an installation (using the js-install-ce.sh scripts), you need to edit Owasp.CsrfGuard.properties.
Change:
org.owasp.csrfguard.NewTokenLandingPage=/jasperserver/login.html
org.owasp.csrfguard.action.Redirect.Page=/jasperserver/login.html
To:
org.owasp.csrfguard.NewTokenLandingPage=/jasperserver-inst2/login.html
org.owasp.csrfguard.action.Redirect.Page=/jasperserver-inst2/login.html
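The manual edit above can be scripted and verified after each installation. The following is an added example, not part of the JasperReports Server distribution; the function names are hypothetical, and it assumes each of the two properties sits on a single line in the form shown above.

```shell
#!/bin/sh
# Added example: keep the two CSRFGuard page properties in step with the
# webapp name. Function names are hypothetical, not part of the product.

CSRF_KEYS='org.owasp.csrfguard.NewTokenLandingPage org.owasp.csrfguard.action.Redirect.Page'

# Return 0 if both properties point at /<webapp>/login.html, 1 otherwise.
check_csrfguard_paths() {
    file=$1; webapp=$2
    for key in $CSRF_KEYS; do
        grep -Fxq "$key=/$webapp/login.html" "$file" || return 1
    done
    return 0
}

# Rewrite both properties for the new webapp name, keeping a .bak copy.
update_csrfguard_paths() {
    file=$1; webapp=$2
    # Refuse names that could break the path or the sed expression.
    case $webapp in
        ''|*[!A-Za-z0-9._-]*) echo "invalid webapp name: $webapp" >&2; return 2 ;;
    esac
    cp "$file" "$file.bak" || return 1
    for key in $CSRF_KEYS; do
        # Escape the dots in the key so they match literally.
        pat=$(printf '%s' "$key" | sed 's/\./\\./g')
        sed "s|^$pat=/[^/]*/login\.html\$|$key=/$webapp/login.html|" "$file" > "$file.tmp" &&
            mv "$file.tmp" "$file" || return 1
    done
    # Fail loudly if either property is still missing or mismatched.
    check_csrfguard_paths "$file" "$webapp"
}

# Usage: sh this-script <path-to>/Owasp.CsrfGuard.properties jasperserver-inst2
if [ "$#" -eq 2 ]; then
    update_csrfguard_paths "$1" "$2"
fi
```

A non-zero exit status means the file still does not match the webapp name and needs to be inspected by hand.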