Liferay does not allow to submit form on a web page since it rejects the process action , why this is happening and how to resolved it ?
It seems by default CSRF protection is enabled by liferay , which means each of the from would contain a token and when it is submitted lifeway would check if coming request token is the same with what liferay has issued , if it is not the same then liferay would reject the request.
How to Resolve ?
Option 1 : Change "portlet.xml" for your portlet to disable "check-auth-token" as below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <portlet-app xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd" | |
| version="2.0"> | |
| <portlet> | |
| <portlet-name>...</portlet-name> | |
| <display-name>...</display-name> | |
| <portlet-class>...</portlet-class> | |
| <init-param> | |
| <name>check-auth-token</name> | |
| <value>false</value> | |
| </init-param> | |
| <expiration-cache>0</expiration-cache> | |
| <supports> | |
| <mime-type>text/html</mime-type> | |
| <portlet-mode>view</portlet-mode> | |
| </supports> | |
| <portlet-info> | |
| <title>...</title> | |
| <short-title>...</short-title> | |
| <keywords></keywords> | |
| </portlet-info> | |
| <security-role-ref> | |
| <role-name>administrator</role-name> | |
| </security-role-ref> | |
| </portlet> | |
| </portlet-app> |
Option 2 : Add below to ${liferay_installed_dir}/portal-ext.properties
auth.token.ignore.portlets=${form}_WAR_${portlet}
Above solutions tested with liferay-portal-6.2-ce-ga6.
JOB DONE
No comments:
Post a Comment