Hi,
does anybody have a working configuration for nginx and/or alfresco, using https.
I cannot set up nginx and/or alfresco without prompting CSRF attack in Alfresco logs (cannot log in).
If i set
proxy_set_header Host $host;
the error is:
SEVERE: Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'https://ABC.ABC/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://ABC.ABC/share/page' vs server & context: http://ABC.COM/ (string) or (regexp)] with root cause
without the proxy_set_header Host $host;
the error is
SEVERE: Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'https://ABC.ABC/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://ABC.ABC/share/page' vs server & context: http://localhost
ort/ (string) or (regexp)] with root cause
tried
proxy_set_header Host $http_host; same result as first error
tried proxy_set_header Host $host$uri;
i get the error
SEVERE: Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'https://ABC.ABC/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://ABC.ABC/share/page' vs server & context: http://ABC.ABC/share/page/dologin/ (string) or (regexp)] with root cause
I circumvented the problem by telling NGINX to revirte all the headers in certain manner
proxy_set_header Referer http://ABC.COM:XXXX/;
proxy_set_header Origin http://ABC.COM:XXXX/;
I guess i am asking how to tell nginx to write "https://ABC.ABC/share/page" and not "http://ABC.ABC/"
I have:
Alfresco 5.0d
Windows server 2008 R2
Nginx 1.9
does anybody have a working configuration for nginx and/or alfresco, using https.
I cannot set up nginx and/or alfresco without prompting CSRF attack in Alfresco logs (cannot log in).
If i set
proxy_set_header Host $host;
the error is:
SEVERE: Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'https://ABC.ABC/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://ABC.ABC/share/page' vs server & context: http://ABC.COM/ (string) or (regexp)] with root cause
without the proxy_set_header Host $host;
the error is
SEVERE: Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'https://ABC.ABC/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://ABC.ABC/share/page' vs server & context: http://localhost
ort/ (string) or (regexp)] with root causetried
proxy_set_header Host $http_host; same result as first error
tried proxy_set_header Host $host$uri;
i get the error
SEVERE: Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'https://ABC.ABC/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://ABC.ABC/share/page' vs server & context: http://ABC.ABC/share/page/dologin/ (string) or (regexp)] with root cause
I circumvented the problem by telling NGINX to revirte all the headers in certain manner
proxy_set_header Referer http://ABC.COM:XXXX/;
proxy_set_header Origin http://ABC.COM:XXXX/;
I guess i am asking how to tell nginx to write "https://ABC.ABC/share/page" and not "http://ABC.ABC/"
I have:
Alfresco 5.0d
Windows server 2008 R2
Nginx 1.9
