My Oracle Support Banner

CSRF-Protection Check Failure When Calling OAG Application Registry Behind A Proxy (Doc ID 2272436.1)

Last updated on JUNE 02, 2017

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.


While using the Application Registry to manage OAuth Credentials with OAG, the registry is expected to be placed behind a reverse proxy for additional protection.

This fails because the application does not trust the new URL, throwing the following error in the OAG trace:

  "CSRF-protection check for referer https://... failed"

Using a reverse proxy doesn't work because the registry also depends on browser-side logic which uses port 8089 by default.

Is it possible to configure a policy to allow the application to accept other host/port combinations or, alternately, change the host/port used by the browser-side logic to connect to the website?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.