CSRF-Protection Check Failure When Calling OAG Application Registry Behind A Proxy
Last updated on JUNE 02, 2017
Applies to:Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.
While using the Application Registry to manage OAuth Credentials with OAG, the registry is expected to be placed behind a reverse proxy for additional protection.
This fails because the application does not trust the new URL, throwing the following error in the OAG trace:
Using a reverse proxy doesn't work because the registry also depends on browser-side logic which uses port 8089 by default.
Is it possible to configure a policy to allow the application to accept other host/port combinations or, alternately, change the host/port used by the browser-side logic to connect to the website?
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms