When the user tries to perform a verification in the Cryptshare user interface, the "Next" button does not respond (the same unresponsiveness can also occur elsewhere in the interface). Additionally, the browser console logs many errors with the message "Origin does not correspond to request".
- Cryptshare Version 4 and above
This issue is most likely caused by a misconfigured reverse proxy.
Beginning with Cryptshare Version 4, requests to the server are checked for the 'Origin' header. If the 'Origin' header differs from the protocol, host (and port, if supplied) of the request URL, the server responds with Status Code 400 (Bad Request).
If the reverse proxy performs an SSL termination and the request URL arrives on the Cryptshare server as "HTTP" instead of "HTTPS" as originally intended, the request URL and 'Origin' header do not match.
There are two different approaches to mitigate the issue:
- Reconfigure the reverse proxy to remove the 'Origin' header; in this case Cryptshare does not perform a CSRF check on the request.
- Reconfigure the reverse proxy to rewrite the 'Origin' header so that it matches the internal URL (scheme, hostname, port); in this case the Cryptshare CSRF check is still performed and succeeds.
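The following Python script is an added illustration, not Cryptshare code, that models the behaviour described above: the server compares scheme, host and (if supplied) port of the 'Origin' header with the request URL, a TLS-terminating reverse proxy forwards the request as plain HTTP, and each of the two mitigations is applied in turn. The hostnames, the internal port 8080, the `/api/verification` path and the function names are constructed for the example; the model also does not normalise default ports (443/80), which is an assumption about the check rather than something the article states.

```python
from urllib.parse import urlsplit

# Constructed sample values (hypothetical, not real Cryptshare hostnames or ports):
PUBLIC_ORIGIN = "https://cryptshare.example.com"        # what the browser sees
INTERNAL_ORIGIN = "http://cryptshare.example.com:8080"  # backend URL after TLS termination


def origin_matches(request_url: str, origin: str) -> bool:
    """Model of the server-side check: scheme, host and port (None if not
    supplied) of the Origin header must equal those of the request URL."""
    req, org = urlsplit(request_url), urlsplit(origin)
    return (req.scheme, req.hostname, req.port) == (org.scheme, org.hostname, org.port)


def server_handle(request_url: str, headers: dict) -> int:
    """Return the HTTP status the modelled server answers with.
    No Origin header -> CSRF check skipped (200); mismatch -> 400 Bad Request."""
    origin = headers.get("Origin")
    if origin is None:
        return 200
    return 200 if origin_matches(request_url, origin) else 400


def reverse_proxy(request_url: str, headers: dict, mode: str) -> tuple:
    """Simulate a TLS-terminating reverse proxy forwarding to INTERNAL_ORIGIN.
    mode: 'passthrough' (the misconfiguration), 'strip_origin' (mitigation 1)
    or 'rewrite_origin' (mitigation 2). Returns (internal_url, forwarded_headers)."""
    path = urlsplit(request_url).path
    internal_url = INTERNAL_ORIGIN + path   # scheme is now http, port is now 8080
    fwd = dict(headers)
    if mode == "strip_origin":
        fwd.pop("Origin", None)             # server sees no Origin -> no CSRF check
    elif mode == "rewrite_origin":
        if "Origin" in fwd:
            fwd["Origin"] = INTERNAL_ORIGIN  # Origin now matches the internal URL
    elif mode != "passthrough":
        raise ValueError(f"unknown proxy mode: {mode}")
    return internal_url, fwd


def verification_request(mode: str) -> int:
    """The browser posts the verification step to the public URL through the
    proxy in the given mode; returns the status the browser would receive."""
    request_url = PUBLIC_ORIGIN + "/api/verification"
    headers = {"Origin": PUBLIC_ORIGIN, "Content-Type": "application/json"}
    internal_url, fwd_headers = reverse_proxy(request_url, headers, mode)
    return server_handle(internal_url, fwd_headers)


if __name__ == "__main__":
    for mode in ("passthrough", "strip_origin", "rewrite_origin"):
        print(f"{mode:15s} -> HTTP {verification_request(mode)}")
```

Running the script shows the misconfigured `passthrough` mode answering 400 (the "Origin does not correspond to request" case) while both mitigations answer 200. Of the two, rewriting the header keeps Cryptshare's CSRF check active, whereas stripping it disables that check for every request that passes through the proxy, so the rewrite is the preferable configuration where the proxy supports it.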