wso2 api manger carbon page gives 403 Forbidden

Question

I've downloaded a fresh wso2 api manager and trying to open the link http://host_name:9443/carbon. It gives an error of 403 forbidden and the stack trace is :

- JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:127.0.0.1, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)

Does anyone have an idea what's wrong or what I'm missing?

Answer 1

This issue happens due a bug in JDK 1.8.0_151, and you can proceed with approaches:

1. Downgrade from build 1.8.0_151 to 1.8.0_144;
   
2. But if you cannot proceed with the downgrade of, so you can disable the compression in Tomcat repository/conf/tomcat/catalina-server.xml, switching compression to "off" instead of the default which is "on".