Authentication-Filters cannot be edited over website-UI if a proxy-url is used

Description

For this geoserver-instance, a proxy-url is set for handling the http/https redirection. All is working fine, but if using authentication-page in web UI (page org.geoserver.security.web.auth.AuthenticationPage) and clicking on some existing authentication-filter for editing it, nothing happens. In the browser-console, an error of type 400 is displayed. If using this operation without a proxy-url, it works.

Environment

geoserver/docker, executed with Azure Container Apps

Activity

Markus Heber
June 2, 2023 at 5:09 PM

Thank you, deactivating CSRF protection solved the problem for me.

Andrea Aime
June 2, 2023 at 10:04 AM

It may be due to the CSRF protection. Either disable it, or whitelist the public host?

Resize issue view side panel

Fixed

Details

Assignee

Unassigned

Reporter

Markus Heber

Triage

Authenticationproxywebsite

Affects versions

2.22.0

Components

Priority

Medium

Created May 23, 2023 at 10:23 AM

Updated June 2, 2023 at 6:05 PM

Resolved June 2, 2023 at 6:05 PM