
CSRF-Protection Check Failure When Calling OAG Application Registry Behind A Proxy (Doc ID 2272436.1)

Last updated on OCTOBER 07, 2022

Applies to:

Oracle API Gateway - Version 11.1.2.1.0 and later
Information in this document applies to any platform.

Goal

When the Application Registry is used to manage OAuth credentials with OAG, the registry is expected to be placed behind a reverse proxy for additional protection.

This fails because the application does not trust the new URL, throwing the following error in the OAG trace:

  "CSRF-protection check for referer https://... failed"

Using a reverse proxy doesn't work because the registry also depends on browser-side logic which uses port 8089 by default.

Is it possible to configure a policy to allow the application to accept other host/port combinations or, alternatively, to change the host/port used by the browser-side logic to connect to the website?
 

Solution

To view full details, sign in with your My Oracle Support account.
