https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass + search in this ML :)))
On Thu, 2 Apr 2020 at 18:19, Arndt, Wolfgang <ar...@lernenfoerdern.de> wrote: > Hi, > > my Openmeetings docker is working now. So i took the next step: > > > > I use the nginx-letsencrypt ssl proxy ( > https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/) to > auto-generate certs. This is working with other containers. > > > > As in the grafana expample from the page above , i start the OM-Docker > container with an additional -e "VIRTUAL_PORT=5080" > > > > Now i can connect via the proxy to my OM container, the login page opens > but i cannot login. > > > > > > INFO 04-02 10:59:37.346 o.a.w.p.h.CsrfPreventionRequestCycleListener:779 > [nio-5080-exec-6] - Possible CSRF attack, request URL: > http://om.xxxxx.de/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, > Origin: https://om.xxxxx.de, action: aborted with error 400 Origin does > not correspond to request > > > > > > Wolfgang > -- WBR Maxim aka solomax