I am getting 400 error on login in openmeeting 5.0.0-M2, when I am using nginx.
My nginx configuration is as follows:
server {
listen 443 ssl;
ssl on;
ssl_certificate path_to_certificate;
ssl_certificate_key path_to_key;
server_name myservername;
location /openmeetings/ {
proxy_pass http://127.0.0.1:5080/openmeetings/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer 'http://$host/openmeetings/';
proxy_set_header X-Real-IP $remote_addr;
}
}
My log file:
CsrfPreventionRequestCycleListener:779 [nio-5080-exec-4]ESC[0;39m - Possible CSRF attack, request URL:
http://ocean.paramatrix.com/openmeetings/wicket/bookmarkable/org.apache.openmee
tings.web.pages.HashPage, Origin: https://ocean.paramatrix.com, action: aborted
with error 400 Origin does not correspond to request
while this is working fine on firefox browser but not on chrome browser.
Does anyone know, what other configurations I need to do? Any help is appreciated.
尝试将 Referer 标头设为 HTTPS:
proxy_set_header Referer 'https://$ho....
Openmeetings is running with ssl itself with 5443 port. you should try this:
proxy_pass http://127.0.0.1:5443/openmeetings/;
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.