A request has been denied as a potential CSRF attack

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

症状

You are on a version of Confluence > 3.4

atlassian-confluence.log に次のエラーが返されます。

2012-03-24 14:59:02,248 ERROR [http-8080-14] [org.directwebremoting.dwrp.Batch] error A request has been denied as a potential CSRF attack.
 -- referer: http://confluence.com:8080/pages/editpage.action?pageId=123456 | url: /dwr/call/plaincall/HeartbeatAjax.startActivity.dwr | userName: anonymous

原因

This relates to some javascript in the Confluence editor.  This was removed in 3.4.  Since these files are cached for a long time, people with cached versions of the editor in their browsers will continue to make a heartbeat request back to the Confluence instance, and trigger this error, as the endpoint no longer functions.

ソリューション

Because this is a client side problem, it's difficult to institute a server level change to affect all clients. This error is harmless and will go away over time, as clients will refresh their browsers from time to time. To force the issue, you could instruct all your users to shift-reload while on the edit page screen.

Last modified on Mar 30, 2016

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.