Spring Boot: RequestRejectedException: The request was rejected because the URL contained a potentially malicious String “;”

半阙折子戏 2021-01-19 03:35

I get the following exception when I POST the login credentials for my Spring Boot app.

org.springframework.security.web.firewall.RequestRejectedExcep

1 Answer
  •  攒了一身酷
    2021-01-19 04:09

    OK, changing server.servlet.session.cookie.http-only=true to server.session.tracking-modes=cookie and changing http://localhost:8080 to http://127.0.0.1:8080/ worked. I found this answer:

    Chrome localhost cookie not being set

    It seems Chrome keeps flipping from allowing localhost to disallowing localhost. It was working about a month or three ago. localhost is working for a Rails app and Chrome is sending the cookies.

    In fact, Chrome is also sending the _mt_rails_session Rails cookie for localhost to the Spring Boot app, but never the JSESSIONID cookie.

    I suspect, but have not confirmed, it may be due to setting up HTTPS on port 8080 for an unrelated 3rd Spring Boot app, and there may be some HSTS setting cached in Chrome internals. It's probably a bug in Chrome.

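Added example, not part of the original question or answer: when the servlet container cannot confirm that the browser returns the session cookie, it falls back to URL rewriting and appends ;jsessionid=... to paths, and Spring Security's default StrictHttpFirewall rejects any request URI containing a semicolon. The configuration below is a programmatic form of the cookie-only tracking setting from the answer. It assumes Spring Boot 2.x on javax.servlet; the class and bean names are hypothetical.

```java
import java.util.EnumSet;

import javax.servlet.SessionTrackingMode; // jakarta.servlet.SessionTrackingMode on Spring Boot 3.x

import org.springframework.boot.web.servlet.ServletContextInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical class name, added for illustration.
@Configuration
public class CookieOnlySessionConfig {

    @Bean
    public ServletContextInitializer cookieOnlySessionTracking() {
        return servletContext -> {
            // Let the session id travel only in a cookie. With URL tracking
            // disabled, the container never rewrites links or redirects to
            // /path;jsessionid=..., so requests no longer carry a ';'.
            servletContext.setSessionTrackingModes(
                    EnumSet.of(SessionTrackingMode.COOKIE));

            // Keep the session cookie unreadable from page scripts.
            servletContext.getSessionCookieConfig().setHttpOnly(true);
        };
    }

    // No HttpFirewall bean is declared here on purpose: Spring Security keeps
    // its default StrictHttpFirewall, so semicolons in request URIs are still
    // rejected. The configuration removes the source of the ';' rather than
    // relaxing the check that caught it.
}
```

With URL tracking off, a browser that does not return the JSESSIONID cookie simply gets a new session on each request, so a cookie that is not being sent shows up as a login that does not persist rather than as a RequestRejectedException.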