Error: Origin does not correspond to request
Problem
When trying to load a page of CustomerID, the error message Origin does not correspond to request is displayed.
Solution
To prevent CSRF attacks on Wicket components a check is performed using the Origin
 and Referer
 HTTP headers for cross domain requests.
When the Origin
 or Referer
 HTTP header is present a proxy needs to be configured so that it matches the requested URL otherwise a HTTP error ( 400 BAD REQUEST
)Â will be thrown. From the following link you can find information what is needed to configure the proxy: https://ci.apache.org/projects/wicket/apidocs/6.x/org/apache/wicket/protocol/http/CsrfPreventionRequestCycleListener.htmlÂ
Adjust the setting general.accepted.origin.whitelist in eidm2.properties
to allow certain hosts. e.g.
general.accepted.origin.whitelist = example.com, example.org
Related articles