This post describes an issue where Firefox and IE11 cannot load CDD on-premise, but Chrome can.
Symptom
You attempt to log in to CDD on-premise in Firefox or IE11 using a URL in the format https://<host>:<port>/cdd/login.jsp, where:
<host> - Specifies the server where you installed the product.
<port> - Specifies the port number you use to access the product UI, which is 8080 by default.
Example: 'http://cdd-docker-engine-3:8080/cdd/login.jsp'
However, an error message appears, such as:
FireFox
Internet Explorer 11
You check the log and see an error such as:
2018-12-04 11:38:54.215 [http-nio-8080-exec-11] ERROR c.c.r.w.f.OriginVerificationFilter - Failed request based on its origin. You may clear the JSESSIONID cookie request header or logout from the related CDD session
com.ca.rp.exceptions.rest.ValidationException: Accessing '/cdd/login.jsp' is forbidden from 'http://cdd-docker-engine-3:8080/cdd/login.jsp', verified by referer header
Diagnosis
In settings.properties, the "cdd.url.virtual_ip" value is "localhost". Chrome sends the POST request header with the entered host and port appearing in both the Origin and Referrer fields, causing the server to accept the request. However, both Firefox and IE11 send the POST request header with the entered host and port appearing in the Referrer field only, causing the server to deny the request.
Solution
In settings.properties, update the "cdd.url.virtual_ip" value from "localhost" to the host name of the server where you installed the product.
Example: cdd.url.virtual_ip=cdd-docker-engine-3
Additional Information
NOTE:
We recommend that you access CDD using the exact same server address that was used for executing the CDD Installer. CDD verifies that any incoming client request is coming from a page that was downloaded from CDD itself (that is, the same HTTP schema, same server name and same server port).
For example, if you used https://test.domain.com:443 to execute the CDD Installer, you should also use https:///test.domain.com:443 for executing the CDD service (and not https:///test:443).