View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004013 | SOGo | Web General | public | 2017-02-01 09:54 | 2023-03-15 19:11 |
Reporter | pabelenda | Assigned To | sebastien | ||
Priority | high | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | [Server] Linux | OS | Debian | OS Version | 8 (Jessie) |
Product Version | 3.2.6 | ||||
Summary | 0004013: Login and password change form not working when trying to access service behind an http proxy with secure cookies enable | ||||
Description | Summary says it all. Both forms stop working properly with secure cookies enabled on the apache proxy. If you go to the login screen and try to access with your login data you will see an error message "Authentication failed". This is not true at all because if you reload the page you will be redirected to the main view as usual. The reload WA sadly does not work for the password change form because, obviously, every time you reload the form it comes back empty. | ||||
Steps To Reproduce |
You should see an "Authentication failed" message
| ||||
Additional Information | This is how I configure the secure cookies, just for the record: Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure | ||||
Tags | No tags attached. | ||||
Hi, is there any plan about taking a look into this? |
|
The currently supported feature to improve security is to enable CSRF token by setting SOGoXSRFValidationEnabled to YES. |
|
I can confirm this one as fixed. |
|
Thanks I close the ticket |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2017-02-01 09:54 | pabelenda | New Issue | |
2017-02-01 18:13 | ludovic | Severity | major => minor |
2017-05-23 06:55 | pabelenda | Note Added: 0011823 | |
2017-05-23 13:04 | francis | Note Added: 0011826 | |
2023-03-15 16:58 | pabelenda | Note Added: 0016748 | |
2023-03-15 19:11 | sebastien | Note Added: 0016751 | |
2023-03-15 19:11 | sebastien | Assigned To | => sebastien |
2023-03-15 19:11 | sebastien | Status | new => closed |
2023-03-15 19:11 | sebastien | Resolution | open => fixed |