Is this some new security added in tomcat8 or 9 that we need to account for? Or is it a file permissions issue somehow?
I'd really appreciate any insight anyone has.
Prof. Victor Norman
Calvin College University
"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." -- Antoine de Saint Exupéry
Since you have an "Origin" header, is this a REST call? Are you using
CORS? Has it been configured correctly?
> * Pragma: no-cache
> * Referer: http://agora.cs.calvin.edu:8080/agora/
> * User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
> What is this request to POST to ../api/tokens?
This must be something Guacamole-related, or in your own application.
Tomcat won't do this.
> Is this some new security added in tomcat8 or 9 that we need to
> account for? Or is it a file permissions issue somehow?
> I'd really appreciate any insight anyone has.
It's tough to say why you are getting this response. You will probably
have to dig into your application's logs to see what is happening. If
you have CORS enabled, it's very easy to get that configuration wrong
and lock clients out.
If that HTML response is generated by a JSP page, use <%@page session="false"%>.
(Also, I wonder whether one needs to return an HTML page? A JSP page
may generate a redirect response with HTTP status code 302 by using <%
response.sendRedirect(...) %> code instead of relying on a "meta
refresh" element of HTML).
The POST request sends no data - the length of content is zero.
Looking at the source code, if I figured it correctly, I think
that it actually expects a username and a password.