On 02/09/20 12:40, caius75 wrote: > Hi Guys, > i've installed Apache Syncope 2.1.6 with maven using tomcat 9.0.34 as JAVA > EE container and MySQL as internal Storage. > I can access to syncope-console pointing to tomcat 9080 port and everything > seems to work fine, but whe i try to access to syncope-console pointing to > an Apache Web Server acting as reverse-proxy i got following error: > > 12:04:14.508 DEBUG > org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Source > URI conflicts with request origin, aborted > 12:04:14.509 INFO > org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - > Possible CSRF attack, request URL: http://www.cds.org/syncope-console/login, > Origin: https://www.cds.org, action: aborted with error 400 Origin does not > correspond to request > > even if csrf is set to false in console.properties. > > Any ideas? Hi, setting
csrf=false for console.properties is definitely the way to solve the problem reported above. The only possibility I can figure out to explain the persisting issue is that the actual console.properties being loaded is not the one where you placed the setting. What deployment directory [1] did you set for config files (normally /opt/syncope/conf) during build? Regards. [1] http://syncope.apache.org/docs/2.1/reference-guide.html#deployment-directories -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/