(Solved) CSFR error when using nethserver's reverse proxy

pagaille · August 30, 2023, 7:23am

Hi,

I struggled to configure openproject (docker all in one image) with the reverse proxy.

OP is configured to run in http mode.

Error message : [Error 422] Unable to verify Cross-Site Request Forgery token.
In OP logs : (https://example.com) didn't match request.base_url (http://example.com)

Solution :

Add the following line in /etc/httpd/conf.d/virtualhosts.conf (in the section corresponding to the https reverse proxy configuration):

RequestHeader set X_FORWARDED_PROTO 'https'

(That needs to be templated of course)

I believe that should be at least a setting in the UI. What do you think ?

pagaille · August 30, 2023, 7:34am

NB : for the record, OP must also be configured in https mode :

-e OPENPROJECT_HOST__NAME=reverseproxy.domaine.name -e OPENPROJECT_HTTPS=true

pagaille · September 5, 2023, 6:29am

@giacomo shouldn’t this parameter be configured by default ? Or a setting in the UI ?

giacomo · September 5, 2023, 7:11am

I do not think so, it much depends on the application behind the proxy.