Kallithea issues archive

Issue #200: CSRF Check Failing (403) on Form Submit

Reported by: Rhys Llewellyn
State: resolved
Created on: 2016-03-23 19:52
Updated on: 2016-03-24 05:40



I have changed to using Container Auth in order to provide SSO for my personal instance of Kallithea. However, whilst the user logs in successfully, any form submit will result in a 403 Forbidden error. A check of the paster output shows a successful container authentication but a CSRF check failure.

The container authentication is set up as specified on the Kallithea Docs.

I will update the issue with logs later this afternoon when I regain access to ssh.



Comment by Mads Kiilerich, on 2016-03-23 19:58

I don't think anything has changed in this area recently and I don't recall any reports of issues like that so I assume it works elsewhere. Weird.

Looking forward to seeing more details!

Comment by Rhys Llewellyn, on 2016-03-24 04:26

It seems the issue was with Kallithea not detecting the URL scheme from the proxy, and issuing redirects to http resources whilst in an https reverse proxy, which was invalidating cookies. I have forced SSL and it seems to have resolved the issue.

Comment by Mads Kiilerich, on 2016-03-24 05:40

Ok, so some combination of secure cookies (43ad9c3b7d5d) and http://docs.kallithea-scm.org/en/latest/overview.html#web-server and http://docs.kallithea-scm.org/en/latest/setup.html#https-support not being sufficiently clear?

Contributions to improve the documentation (or code) would be appreciated a lot!
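
Added example (not part of the original thread and not Kallithea's code): a generic WSGI sketch of the failure mode discussed above, where a backend behind a TLS-terminating proxy builds redirects from its own `http` scheme and a browser then withholds `Secure` cookies on the redirected request. The host name, addresses and the `ForwardedProto` middleware are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

def app(environ, start_response):
    """Toy backend: sets a Secure cookie and redirects to an absolute URL
    built from the scheme the WSGI server reports."""
    location = "%s://%s/done" % (environ["wsgi.url_scheme"], environ["HTTP_HOST"])
    start_response("302 Found", [
        ("Location", location),
        ("Set-Cookie", "session=constructed; Secure; HttpOnly; Path=/"),
    ])
    return [b""]

class ForwardedProto:
    """Hypothetical middleware: honour X-Forwarded-Proto, but only when the
    request arrives from a known proxy address, so clients cannot spoof it."""
    def __init__(self, wrapped, trusted_proxies):
        self.wrapped = wrapped
        self.trusted = set(trusted_proxies)

    def __call__(self, environ, start_response):
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        if environ.get("REMOTE_ADDR") in self.trusted and proto in ("http", "https"):
            environ["wsgi.url_scheme"] = proto
        return self.wrapped(environ, start_response)

def redirect_for(wsgi_app, remote_addr, forwarded_proto=None):
    """Simulate the proxy-to-backend hop (always plain http) and return the
    Location header the backend sends back."""
    environ = {
        "REQUEST_METHOD": "POST",
        "HTTP_HOST": "scm.example.test",   # constructed host name
        "REMOTE_ADDR": remote_addr,
        "wsgi.url_scheme": "http",         # what the backend itself sees
    }
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    captured = {}
    wsgi_app(environ, lambda status, headers, exc_info=None: captured.update(headers))
    return captured["Location"]

def secure_cookie_sent(url):
    """Browsers attach cookies flagged Secure only to https requests."""
    return urlsplit(url).scheme == "https"

if __name__ == "__main__":
    wrapped = ForwardedProto(app, {"127.0.0.1"})
    for label, target in (("unaware", app), ("proxy-aware", wrapped)):
        url = redirect_for(target, "127.0.0.1", "https")
        print(label, url, "cookie sent:", secure_cookie_sent(url))
```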