| Category: | Bug report |
Priority: | Normal |
Status: | New |
| Project: | Severity: | Major |
Resolution: | Open |
|
| Component: | Reproducibility: | Always |
Assigned to: |
When passing from apache using a proxy to tomcat, a token will be issued, but you will still get a csrf alert, and not be able to create users.
I was helping a user, and had some time to verify this. I was able to
verify all of this information, and I do have the token.
It looks like this information isn't picked up when possibly using apache with passing through a proxy. That is our current setup where
this isn't working. Going directly to the application via
http://localhost:8080/jasperserver is fine, however If I have a hostname and passto a port via proxy pass module for Apache, then it seems that is triggering a "security violation" of sorts.
In the above example, I received a token in both cases:
csrfRequestHeaders
1 Comment:
I am running into the same issue trying to run jasper server behind an nginx reverse proxy.