Hi ... I am still having problems with CSRF behind a proxy. I use AWS CloudFront to proxy requests to Jasper Server. When I try to login over HTTPS I get the error "Failed to retrieve CSRF token" in the developer console and the message "Connection error! Try reloading! | close" as a banner acrosss the page. I have made the edit to the jrs.csrfguard.js file as mentioned above: - //if(isValidDomain(document.domain, "%DOMAIN_ORIGIN%")) { if (true) { // GCJ 2019-01-21 https://community.jaspersoft.com/wiki/owasp-csrfguard-javascript-was-included-within-unauthorized-domain /** optionally include Ajax CSRF support **/ ... and I've also changed the jrs.csrfguard.properties file: - # If csrfguard filter is enabled org.owasp.csrfguard.Enabled = false ... but it still fails because the Origin header is different from the Request URL as seen by the Tomcat Server. @pierre.ortalo It seems you had the exact same problem. Wonder if you've got any more insights?