CSRF warning thrown when logging in

Dear community,

I set up a Opal and DataSHIELD installation with described sample docker compose file in the docs as a starting point. Locally everything works fine. But when I use the same docker-compose file on a server in my VPN and try to authenticate at http://MYSERVERDOMAIN:8080 from my local machine the log on is not succesful (the logon page, however, is displayed). In the logs of the opal server container if find the following entry:

WARN org.obiba.opal.web.security.CSRFInterceptor - CSRF detection: Host=MYSERVERDOMAIN:8080, Referer=http://MYSERVERDOMAIN.charite.de:8080/ui/index.html.

Although it is warning I assume this is the reason for the unsuccessful login. Is there any additional configuration necessary ?

Thanks in advance


Hi Felix, as a first step towards troubleshooting this, could we check what version of Opal you are using? You can determine opal version from the logs generated by docker.

If the version is Opal 4.3, could you try accessing using https on port 8443.

Let me know how it goes!

Cheers, Alex


Since Opal 4.3 https connection through network is enforced and CSRF detection requires consistent Host and Referer headers. Accessing Opal through a reverse proxy can help.

Regards Yannick

Thanks I used 8444 and worked.

1 Like