CSRF-Protection Check Failure When Calling OAG Application Registry Behind A Proxy
(Doc ID 2272436.1)
Last updated on OCTOBER 07, 2022
Applies to:
Oracle API Gateway - Version 11.1.2.1.0 and laterInformation in this document applies to any platform.
Goal
While using the Application Registry to manage OAuth Credentials with OAG, the registry is expected to be placed behind a reverse proxy for additional protection.
This fails because the application does not trust the new URL, throwing the following error in the OAG trace:
Using a reverse proxy doesn't work because the registry also depends on browser-side logic which uses port 8089 by default.
Is it possible to configure a policy to allow the application to accept other host/port combinations or, alternately, change the host/port used by the browser-side logic to connect to the website?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |