CSRF Filter with Chrome!

t16
Champ in-the-making
Hi guys,

Really simple problem here I hope…

I've configured the CSRF filter to work and allow requests from a reverse proxy, and all is well using the override code in share-custom-config…

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
   <properties>
      <token>Alfresco-CSRFToken</token>
      <referer>https://www.serverxx/* etc etc </referer>
      <origin>https://www.serverxx/* etc etc *</origin>
   </properties>
</config>
  

All works wonderfully in IE, but with Chrome, the CSRF filter is triggered ALL the time.

Does anyone know why this is, and what I can do as a workaround?!

many thanks.

4 REPLIES 4

idwright
Star Collaborator
Have you made any progress with this?
(Also works in Firefox)

Thanks.

Has anyone been able to resolve this?

Thanks

vmayer
Champ in-the-making
Hi folks,

We are having exactly the same problem here. We are using Alfresco Community 5.1 with Alfresco Share behind an nginx used as SSL offloader. The CSRF filter is always triggered when using Chrome (OSX, Linux, Windows), Safari (OSX), Chromium or Epiphany (both on Linux). The filter is not triggered (i.e. Share web access works) when using IE11 or Edge on Windows 10, or IE11 on Windows 7. There are also no problems with Firefox (OSX, Linux, Windows), so Firefox can be used as a workaround. Our working hypothesis is thus that the problem is somehow tied to WebKit-based browsers.

Can anybody confirm (or disprove) this hypothesis or shed some more light on the issue?

Best regards, V. Mayer

vmayer
Champ in-the-making
Hi folks,

I just wanted to share my solution, even though I haven't explored further why this makes a difference. Below you can find a snippet from my share-config-custom.xml:

      <properties>

         <!-- There is normally no need to override this property -->
         <token>Alfresco-CSRFToken</token>

         <!--
            Override and set this property with a regexp that if you have placed Share behind a proxy that
            does not rewrite the Referer header.
         -->
         <referer>https://myserver.mysld.tld/share/.*</referer>

         <!--
            Override and set this property with a regexp that if you have placed Share behind a proxy that
            does not rewrite the Origin header.
         -->
         <origin>https://myserver.mysld.tld</origin>
      </properties>


It didn't work as described before if there was still a trailing slash (or anything more than that) in the origin element. Initially I had the same content in the origin element as in the referer element. After deleting everything after the server name, including the slash, from the URL within the origin element, resulting in the snippet above, all problems were gone.

Best regards, V. Mayer
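
The fix described in the last post can be checked offline. The following is an added example, not code from the thread or from Alfresco: an Origin header carries only scheme, host and optional port (RFC 6454), never a path, so a pattern copied from the referer element cannot match it. It assumes the filter requires the regexp to match the whole header value; the config strings, page URL and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the origin element copies the referer regexp (the failing setup).
BROKEN_CONFIG = """
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
   <properties>
      <token>Alfresco-CSRFToken</token>
      <referer>https://myserver.mysld.tld/share/.*</referer>
      <origin>https://myserver.mysld.tld/share/.*</origin>
   </properties>
</config>
"""
# Same config with the origin element reduced to scheme and host, as in the fix above.
FIXED_CONFIG = BROKEN_CONFIG.replace(
    "<origin>https://myserver.mysld.tld/share/.*</origin>",
    "<origin>https://myserver.mysld.tld</origin>",
)

def load_patterns(config_xml):
    """Return the referer and origin regexps from a CSRFPolicy config block."""
    props = ET.fromstring(config_xml.strip()).find("properties")
    return {name: (props.findtext(name) or "").strip() for name in ("referer", "origin")}

def header_allowed(pattern, value):
    """Assumption: the regexp must match the entire header value, not a prefix."""
    return re.fullmatch(pattern, value) is not None

def origin_of(url):
    """Origin header value for a page URL: scheme://host[:port], no path or slash."""
    m = re.match(r"^([a-z][a-z0-9+.-]*://[^/?#]+)", url, re.IGNORECASE)
    if not m:
        raise ValueError("not an absolute URL: %r" % url)
    return m.group(1)

def check_config(config_xml, page_url):
    """Say whether the Referer and Origin sent from page_url pass their patterns."""
    patterns = load_patterns(config_xml)
    return {
        "referer": header_allowed(patterns["referer"], page_url),
        "origin": header_allowed(patterns["origin"], origin_of(page_url)),
    }

if __name__ == "__main__":
    page = "https://myserver.mysld.tld/share/page/user/admin/dashboard"  # constructed
    print("origin copied from referer:", check_config(BROKEN_CONFIG, page))
    print("origin without path:       ", check_config(FIXED_CONFIG, page))
```

Both patterns leave the dots in the host name unescaped, so each dot matches any character; writing the host as `myserver\.mysld\.tld` keeps the allow-list limited to the intended server.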