weizhouapache commented on issue #9848: URL: https://github.com/apache/cloudstack/issues/9848#issuecomment-2437218354
I am able to reproduce the issue when 'enable.secure.session.cookie' is 'true'. Tested with both http and https websites.

This is a regression of security fix for CSRF in 4.18.2.4 and 4.19.1.2.

Workaround:

```
update configuration set value='false' where name='enable.secure.session.cookie';
```

then restart cloudstack-management

I will create a fix

cc @rohityadavcloud @DaanHoogland @GutoVeronezi @JoaoJandre
