Article - CS100791
Error "A potential security problem was detected" in Windchill PDMLink
Modified: 23-Apr-2026
Applies To
- Windchill PDMLink 10.0 to 13.1
Description
- Windchill is reporting Cross-Site Request Forgery (CSRF) Security errors, for example:
- When accessing the part structure page, it will show (CSRF) Security errors. it needs to refresh many times to recover this page
- Users are reporting pop-up warnings in the UI with the error:
A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator
- In the Windchill Method Server logs there are errors similar to:
<Date/Time>,331 ERROR [ajp-bio-8010-exec-1] com.ptc.jca.mvc.controllers.ActionController wcadmin - (com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator. (com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator. at com.ptc.core.appsec.CSRFProtector.handleInvalidNonce(CSRFProtector.java:249) at com.ptc.core.appsec.CSRFProtector.checkNonce(CSRFProtector.java:216)
- In the Security Audit Reports there are Events of Type "Cross-Site Request Forgery"
- "com.ptc.cat.ops.client.internal.ClearCollectorCacheOperation A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator" exception occurred on Part Structure veiw page
- Error in MS logs while Searching the Keyword which has special characters like "*", "?"
error:-------------(com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator. (com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator. at com.ptc.core.appsec.CSRFProtector.handleInvalidNonce(CSRFProtector.java:316) at com.ptc.core.appsec.CSRFProtector.checkNonce(CSRFProtector.java:252) at com.ptc.jca.mvc.controllers.Log4JavascriptController.logData(Log4JavascriptController.java:96) at sun.reflect.GeneratedMethodAccessor620.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067) at org.springframework.w
This is a printer-friendly version of Article 100791 and may be out of date. For the latest version click CS100791