I am trying to work with CSRFGuard API to fix CSRF Vulnerability in my application. For that purpose I am using Javascript injection to do so.
I am doing so by including the following line in my jsp:
<script type="text/javascript" src="javascriptservlet"></script>
When I run it with localhost, it gets loaded in browser perfectly. But when I host my application on a server, it doesnot get loaded. I looked in the response headers and it says
The origin server did not find a current representation for the target resource or is not willing to disclose that one exists
I tried to change the script tag like :
<script type="text/javascript" src="https://<servername>:<port>/appcontext/javascriptservlet"></script>
but I get same result in response headers and the response from "javascriptservlet" doesnot loaded in browser which is a JavaScript.
Also when I hit the url in the browser's address bar, I get the response with the Javascript successfully but it is failing to load the Javascript when referred from tag
I am really stuck with this thing . Any help would be much appreciated.
I resolved the issue. It was a minor tweek. Just corrected the referer-pattern in web.xml where JavaScript servlet configuration is defined.