View Issue Details

IDProjectCategoryView StatusLast Update
0004013SOGoWeb Generalpublic2023-03-15 19:11
Reporterpabelenda Assigned Tosebastien  
PriorityhighSeverityminorReproducibilityalways
Status closedResolutionfixed 
Platform[Server] LinuxOSDebianOS Version8 (Jessie)
Product Version3.2.6 
Summary0004013: Login and password change form not working when trying to access service behind an http proxy with secure cookies enable
Description

Summary says it all.

Both forms stop working properly with secure cookies enabled on the apache proxy.

If you go to the login screen and try to access with your login data you will see an error message "Authentication failed". This is not true at all because if you reload the page you will be redirected to the main view as usual.

The reload WA sadly does not work for the password change form because, obviously, every time you reload the form it comes back empty.

Steps To Reproduce
  • Enable secure cookies on the proxy
  • Go to the login page
  • Enter your login data

You should see an "Authentication failed" message

  • Go to the password change form
  • Try to change the password
  • Nothing happens on summit
Additional Information

This is how I configure the secure cookies, just for the record:

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

TagsNo tags attached.

Activities

pabelenda

pabelenda

2017-05-23 06:55

reporter   ~0011823

Hi, is there any plan about taking a look into this?

francis

francis

2017-05-23 13:04

administrator   ~0011826

The currently supported feature to improve security is to enable CSRF token by setting SOGoXSRFValidationEnabled to YES.

pabelenda

pabelenda

2023-03-15 16:58

reporter   ~0016748

I can confirm this one as fixed.

sebastien

sebastien

2023-03-15 19:11

administrator   ~0016751

Thanks I close the ticket

Issue History

Date Modified Username Field Change
2017-02-01 09:54 pabelenda New Issue
2017-02-01 18:13 ludovic Severity major => minor
2017-05-23 06:55 pabelenda Note Added: 0011823
2017-05-23 13:04 francis Note Added: 0011826
2023-03-15 16:58 pabelenda Note Added: 0016748
2023-03-15 19:11 sebastien Note Added: 0016751
2023-03-15 19:11 sebastien Assigned To => sebastien
2023-03-15 19:11 sebastien Status new => closed
2023-03-15 19:11 sebastien Resolution open => fixed