New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

`allowed_origin_hostnames` likely breaks CSRF #18926

Open

mvdbeek opened this issue Oct 2, 2024 · 0 comments

Assignees

Labels

area/admin area/backend kind/bug

Member

mvdbeek commented Oct 2, 2024

We've had a ton of 400s after deploying galaxyproject/usegalaxy-playbook@7fcae0f#diff-203dab18cc42fe9e55cd6f3d8be11b65e5c231d0c3225e8c3d0a4a9f29adb1cbR332.

Unclear what exactly isn't working. When you logged out and attempted logging back you'd see Wrong session token found, denying request.

Reverting back to setting this up in nginx for now. The option should either be fixed or removed.

The text was updated successfully, but these errors were encountered:

mvdbeek added kind/bug area/admin area/backend labels

mvdbeek self-assigned this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment