Symptom

When the user tries to perform a verification in the Cryptshare user interface, the "Next" button does not respond (the unresponsiveness can also occur in other places). Additionally, the browser console logs many errors with the message "Origin does not correspond to request".

Applies to

  • Cryptshare Version 4 and above

Cause

This issue is most likely caused by a misconfigured reverse proxy.

Beginning with Cryptshare Version 4, requests to the server are checked for the 'Origin' header. If the 'Origin' header differs from the protocol, host (and port, if supplied) of the request URL, the server responds with Status Code 400 (Bad Request).

If the reverse proxy terminates SSL and the request URL arrives at the Cryptshare server as "HTTP" instead of "HTTPS" as originally intended, the request URL and the 'Origin' header do not match.

Resolution

There are two different approaches to mitigate the issue:

  • You reconfigure the reverse proxy to remove the 'Origin' header, in which case Cryptshare does not perform a CSRF check.
  • You reconfigure the reverse proxy to modify the 'Origin' header to match the internal URL (scheme, hostname, port), in which case the Cryptshare CSRF check succeeds.
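The following added example (not Cryptshare code) models the check described under Cause and runs it against the direct case, the SSL-terminated case and both resolutions. The host name, the function names and the exact comparison rule (port is compared only as an explicitly supplied value) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def origin_parts(url):
    """Split a URL or Origin value into scheme, host and port (None if not supplied)."""
    p = urlsplit(url)
    return {"scheme": p.scheme.lower(), "host": (p.hostname or "").lower(), "port": p.port}

def check_origin(request_url, headers):
    """Return (status, mismatched_fields) for one request.

    Assumed model of the behaviour described in this article:
      - no Origin header: the check is skipped             -> 200
      - Origin equals scheme/host/port of the request URL  -> 200
      - any component differs                              -> 400 (Bad Request)
    """
    origin = headers.get("Origin")
    if origin is None:
        return 200, []
    seen, expected = origin_parts(origin), origin_parts(request_url)
    diff = [k for k in expected if seen[k] != expected[k]]
    return (400 if diff else 200), diff

# Constructed sample values; transfer.example.com is a hypothetical host name.
BROWSER_ORIGIN = "https://transfer.example.com"
URL_DIRECT = "https://transfer.example.com/verify"
URL_BEHIND_PROXY = "http://transfer.example.com/verify"  # SSL terminated at the proxy

def scenarios():
    return {
        # Browser talks to the server directly: Origin and URL agree.
        "direct": check_origin(URL_DIRECT, {"Origin": BROWSER_ORIGIN}),
        # Proxy terminates SSL and forwards Origin unchanged: scheme differs.
        "ssl_terminated": check_origin(URL_BEHIND_PROXY, {"Origin": BROWSER_ORIGIN}),
        # Resolution 1: proxy removes Origin, so no check is performed.
        "origin_removed": check_origin(URL_BEHIND_PROXY, {}),
        # Resolution 2: proxy rewrites Origin to the internal URL.
        "origin_rewritten": check_origin(
            URL_BEHIND_PROXY, {"Origin": "http://transfer.example.com"}),
    }

if __name__ == "__main__":
    for name, (status, diff) in scenarios().items():
        print(f"{name:17} -> {status} mismatch={diff}")
```

The list of mismatched fields shows which part of the internal URL the proxy has to reproduce in the rewritten header; in the SSL-termination case it is the scheme alone.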
