abdulsalam3105 opened a new issue, #12048: URL: https://github.com/apache/trafficserver/issues/12048
am upgrading from 8.1.11 to 9.2.8 and found that while accessing trafficserver url, it throws once it reaches the auth url error_code: _csrf_attack error_message: CRJSA0001E A potential cross-site request forgery (CSRF) attack was detected. error_message_explanation: Either a CSRF attack occurred or, in rare cases, a defect caused the system to falsely detect one. error_message_useraction: If an attack occurred, the system denied it and no further action is required. my setup is trafficserver is placed in front of IBM httpd server and my application (origin) is placed behind httpd server. my remap.config looks like below map https://trafficserverurl.com https://ibmhttpd.com reverse_map https://ibmhttpd.com https://trafficserverurl.com i have header_rewrite.config file cond %{SEND_REQUEST_HDR_HOOK} set-header Host "trafficserfqdn" this works in 8.1.11 but not works in 9.2.8, can anyone help to figureout the issue. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
