[#5730] - CSRF issue when going through proxy to application server

Category: Bug report
Priority: Normal
Status: New
Project:
Severity: Major
Resolution: Open
Component:
Reproducibility: Always
Assigned to:
2

When passing from Apache using a proxy to Tomcat, a token will be issued, but you will still get a CSRF alert and not be able to create users.

I was helping a user, and had some time to verify this. I was able to verify all of this information, and I do have the token. It looks like this information isn't picked up when possibly using Apache with passing through a proxy. That is our current setup where this isn't working. Going directly to the application via http://localhost:8080/jasperserver is fine; however, if I have a hostname and pass to a port via the proxy pass module for Apache, then it seems that is triggering a "security violation" of sorts.

In the above example, I received a token in both cases:
csrfRequestHeaders

jgh

1 Comment:

#1

I am running into the same issue trying to run jasper server behind an nginx reverse proxy.
