我在运行应用程序时遇到错误
WARNING: [SECURITY FAILURE Anonymous:null@unknown -> 127.0.0.1:8080/ExampleApplication/SecurityWrapperResponse] Attempt to set invalid header denied
org.owasp.esapi.errors.ValidationException: setHeader: Invalid input. The maximum length of 20 characters was exceeded.
at org.owasp.esapi.reference.validation.StringValidationRule.checkLength(StringValidationRule.java:214)
at org.owasp.esapi.reference.validation.StringValidationRule.checkLength(StringValidationRule.java:229)
at org.owasp.esapi.reference.validation.StringValidationRule.getValid(StringValidationRule.java:281)
at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:214)
at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:185)
at org.owasp.esapi.filters.SecurityWrapperResponse.setHeader(SecurityWrapperResponse.java:447)
我试过改变下面的属性,但它不起作用
Validator.HTTPHeaderName = ^ [a-zA-Z0-9 \ -_] {1,32} $已更改32到50,但仍然抛出同样的错误
我的标题是response.setHeader(“Access-Control-Allow-Origin”,“*”);当我对此行发表评论时,它是否正常工作,请您帮我解决如何在esapi.properties文件中更改标题名称长度
答案 0 :(得分:1)
包中包含SecurityWrapperResponse类中的硬编码长度值,所以我通过覆盖类并更改新长度来解决问题。 它正在发挥作用。