CSRF warning thrown when logging in

Dear community,

I set up an Opal and DataSHIELD installation with the sample docker compose file described in the docs as a starting point. Locally everything works fine. But when I use the same docker-compose file on a server in my VPN and try to authenticate at http://MYSERVERDOMAIN:8080 from my local machine, the logon is not successful (the logon page, however, is displayed). In the logs of the opal server container I find the following entry:

WARN org.obiba.opal.web.security.CSRFInterceptor - CSRF detection: Host=MYSERVERDOMAIN:8080, Referer=http://MYSERVERDOMAIN.charite.de:8080/ui/index.html.

Although it is a warning, I assume this is the reason for the unsuccessful login. Is there any additional configuration necessary?

Thanks in advance

Felix

Hi Felix, as a first step towards troubleshooting this, could we check what version of Opal you are using? You can determine the Opal version from the logs generated by docker.

If the version is Opal 4.3, could you try accessing using https on port 8443?

Let me know how it goes!

Cheers, Alex

Hi,

Since Opal 4.3, an https connection through the network is enforced, and CSRF detection requires consistent Host and Referer headers. Accessing Opal through a reverse proxy can help.

Regards Yannick
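A log-triage helper for the warning quoted in this thread, added here as an example and not taken from Opal or from any poster: it parses `CSRF detection:` lines and reports how the Host and Referer authorities differ. The comparison rule (same hostname and port after default-port normalization) and the result labels are assumptions for illustration, not Opal's actual check; the second and third sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Shape of the warning as it appears in the thread above.
LOG_RE = re.compile(r"CSRF detection: Host=(?P<host>[^,\s]+), Referer=(?P<referer>\S+)")
DEFAULT_PORTS = {"http": 80, "https": 443}

def authority(url):
    """Return (hostname, port) of a URL, lower-cased, with the default port filled in."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(parts.scheme, 0)

def diagnose(line):
    """Classify one log line; None if it is not a CSRF detection warning."""
    m = LOG_RE.search(line)
    if not m:
        return None
    referer = m.group("referer").rstrip(".")  # the log sentence ends with a period
    scheme = urlsplit(referer).scheme or "http"
    ref_host, ref_port = authority(referer)
    # The Host header carries no scheme, so borrow the Referer's for port defaults.
    host, port = authority(f"{scheme}://{m.group('host')}")
    if host != ref_host:
        # A short name and a fully qualified name are different strings even
        # when both resolve to the same machine.
        if ref_host.startswith(host + ".") or host.startswith(ref_host + "."):
            return "short-name-vs-fqdn"
        return "host-mismatch"
    if port != ref_port:
        return "port-mismatch"
    return "consistent"

SAMPLE_LINES = [
    # Line quoted in the first post of this thread.
    "WARN org.obiba.opal.web.security.CSRFInterceptor - CSRF detection: "
    "Host=MYSERVERDOMAIN:8080, Referer=http://MYSERVERDOMAIN.charite.de:8080/ui/index.html.",
    # Constructed lines for comparison.
    "WARN x - CSRF detection: Host=opal.example.org:8443, Referer=https://opal.example.org:8443/ui/index.html.",
    "WARN x - CSRF detection: Host=opal.example.org:8080, Referer=http://opal.example.org/ui/index.html.",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(diagnose(line))
```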

Thanks, I used 8444 and it worked.