CDD 6.9 does not work on IE and Firefox on some systems


Article ID: 127062




Automic Continuous Delivery Director


Acronyms: (acronyms used or referred to in the document)
  • CDD: Continuous Delivery Director

When accessing CDD 6.9 via IE or Firefox on some systems, the error "something went wrong" is shown after login.


In our analysis we observed the following error in the cdd-server.log file:
2019-02-13 13:41:23.803 [http-nio-8443-exec-11] ERROR c.c.r.w.f.OriginVerificationFilter - Failed request based on its origin. You may clear the JSESSIONID cookie request header or logout from the related CDD session Accessing '/cdd/login.jsp' is forbidden from 'https://<cdd-server>:8443/cdd/login.jsp', verified by referer header

Troubleshooting steps
  1. Check the file located on the Tomcat host, under the directory <USER-HOME>/.cdd/conf
  2. Check for the following configuration in
    • cdd.url.schema = https
    • cdd.url.port = 8443
    • cdd.url.virtual_ip = hostname
  3. Check whether the hostname (short name or FQDN) is resolved via DNS
  4. Check the URL in use to access CDD
With 6.9, we have handled a potential security issue: CDD now validates that the Origin and Referer match. There might be a mismatch between what you have defined in the file for cdd.url.virtual_ip and what the browser is sending.

Some observed behavior of browsers
  • Chrome is adding the Origin HTTP header to its requests.
  • IE and Firefox are NOT adding the Origin HTTP header to their requests.
  • IE and Firefox are adding the Referer HTTP header instead, which uses a different format and different values.


Continuous Delivery Director: 6.9 (also valid for higher versions)


The CDD behavior is consistent. In our analysis we identified that in the file the hostname is set to the short name of the server and the CDD URL is being accessed via the short name, but IE and Firefox pass the Referer HTTP header, which uses the FQDN; hence a mismatch, resulting in the error.

Solution: Access the CDD URL with the FQDN of the server instead of the short name for IE and Firefox


Additional Information


It is advised to access CDD using the exact same server address that was used for executing the CDD Installer. CDD verifies that any incoming client request comes from a page that was downloaded from CDD itself (same HTTP schema, same server name and same server port).
For example, if the customer was using for executing the CDD Installer, it should also use https:/// for executing the CDD service (and not https:///test:443).
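
A diagnostic sketch of the comparison described above, added here as an example and not taken from CDD's own OriginVerificationFilter code. It compares the three cdd.url.* settings with the Origin or Referer value a browser sent and reports which part differs. The host names, the sample configuration and the rule that Origin is checked first when present are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample of the three settings listed in the troubleshooting steps.
SAMPLE_CONF = """\
cdd.url.schema = https
cdd.url.port = 8443
cdd.url.virtual_ip = cddhost
"""

def configured_origin(conf_text):
    """Return (schema, host, port) from properties-style text."""
    props = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return (props["cdd.url.schema"].lower(),
            props["cdd.url.virtual_ip"].lower(),
            int(props["cdd.url.port"]))

def header_origin(value):
    """Reduce an Origin or Referer header value to (schema, host, port)."""
    parts = urlsplit(value)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)

def diagnose(conf_text, origin=None, referer=None):
    """Return (ok, message). Assumption: Origin is used if sent, else Referer."""
    expected = configured_origin(conf_text)
    name, value = ("Origin", origin) if origin else ("Referer", referer)
    if not value:
        return False, "neither Origin nor Referer was sent"
    seen = header_origin(value)
    if seen == expected:
        return True, f"{name} matches configured address"
    diffs = [f"{f}: configured {e!r}, {name} has {s!r}"
             for f, e, s in zip(("schema", "host", "port"), expected, seen)
             if e != s]
    return False, "; ".join(diffs)

if __name__ == "__main__":
    # Constructed Referer value using an FQDN while the config holds the short name.
    print(diagnose(SAMPLE_CONF, referer="https://cddhost.example.com:8443/cdd/login.jsp"))
```

Feed it the header value captured from the browser's developer tools together with the contents of the configuration file to see whether the schema, host or port is the part that does not match.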