In our analysis we observed the following errors in the cdd-server.log file:
2019-02-13 13:41:23.803 [http-nio-8443-exec-11] ERROR c.c.r.w.f.OriginVerificationFilter - Failed request based on its origin. You may clear the JSESSIONID cookie request header or logout from the related CDD session
com.ca.rp.exceptions.rest.ValidationException: Accessing '/cdd/login.jsp' is forbidden from 'https://<cdd-server>:8443/cdd/login.jsp', verified by referer header
Troubleshooting steps
- Check the settings.properties file on the Tomcat host, under the directory <USER-HOME>/.cdd/conf
- Check the following settings in settings.properties:
- cdd.url.schema = https
- cdd.url.port = 8443
- cdd.url.virtual_ip = hostname
- Check whether the hostname (short name or FQDN) resolves via DNS
- Check the URL that is being used to access CDD
With 6.9 we addressed a potential security issue: the server now validates that the Origin and Referer headers match the configured CDD URL. There may be a mismatch between the cdd.url.virtual_ip you defined in settings.properties and what the browser is sending.
Observed browser behavior
- Chrome adds the Origin HTTP header to its requests.
- IE and Firefox do NOT add the Origin HTTP header to their requests.
- IE and Firefox add the Referer HTTP header instead, which uses a different format and different values.
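To make the check above concrete for troubleshooting, here is an added illustrative model of an origin-verification filter (example code, not CDD's own OriginVerificationFilter). It assumes the three settings.properties keys named above, prefers the Origin header when the browser sends one (Chrome) and falls back to the Referer header otherwise (IE and Firefox), and reports which component of the expected URL (scheme, host or port) differs so that a short-name versus FQDN mismatch in cdd.url.virtual_ip is easy to spot. All header values and settings in the block are constructed.

```python
from urllib.parse import urlsplit

# Constructed settings mirroring the keys named in the article.
# Values are illustrative, not taken from any real deployment.
SETTINGS = {
    "cdd.url.schema": "https",
    "cdd.url.port": "8443",
    "cdd.url.virtual_ip": "cdd-server",
}


def expected_origin(settings):
    """Build the scheme://host:port the server expects the browser to send."""
    return "{}://{}:{}".format(
        settings["cdd.url.schema"],
        settings["cdd.url.virtual_ip"],
        settings["cdd.url.port"],
    )


def normalize_origin(url):
    """Reduce a full URL (Referer) or a bare origin (Origin) to
    (scheme, host, port). Returns None if the value is not a parseable URL,
    which also covers the literal Origin value 'null'."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    try:
        port = parts.port
    except ValueError:
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return (parts.scheme.lower(), parts.hostname.lower(), port)


def mismatch_fields(actual, expected):
    """Name the components that differ, to point at the wrong setting."""
    names = ("scheme", "host", "port")
    return [n for n, a, e in zip(names, actual, expected) if a != e]


def verify_origin(headers, settings=SETTINGS):
    """Return (ok, reason). Mimics the filter's decision: Origin is
    authoritative when present; otherwise Referer is used (hypothetical
    model of the behavior, not the product's actual implementation)."""
    expected = normalize_origin(expected_origin(settings))
    if "Origin" in headers:
        source, raw = "origin", headers["Origin"]
    elif "Referer" in headers:
        source, raw = "referer", headers["Referer"]
    else:
        return False, "no Origin or Referer header present"

    actual = normalize_origin(raw)
    if actual is None:
        return False, "unparseable %s header: %r" % (source, raw)
    if actual != expected:
        return False, "forbidden from '%s', verified by %s header; mismatch in %s" % (
            raw, source, ", ".join(mismatch_fields(actual, expected)))
    return True, "verified by %s header" % source


if __name__ == "__main__":
    # Constructed request headers for the three browser cases in the article.
    chrome = {"Origin": "https://cdd-server:8443"}
    firefox_ok = {"Referer": "https://cdd-server:8443/cdd/login.jsp"}
    # FQDN in the browser while settings.properties holds the short name:
    firefox_fqdn = {"Referer": "https://cdd-server.example.com:8443/cdd/login.jsp"}
    for name, hdrs in (("chrome", chrome), ("firefox", firefox_ok),
                       ("firefox-fqdn", firefox_fqdn)):
        print(name, verify_origin(hdrs))
```

When the last case fails, the reported mismatch in "host" is the cue to align cdd.url.virtual_ip with the hostname users actually type into the browser (or vice versa), which is the same correction the troubleshooting steps above point to.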