Can't apply SSO settings due to CSRF protection, header "X-Requested-By" is missing.
I have Nginx doing HTTPS termination and proxying to Graylog as with instructions in "REST API and Web Interface on one port (using HTTPS/SSL):" http://docs.graylog.org/en/2.5/pages/configuration/web_interface.html
installed this plugin graylog-plugin-auth-sso-2.5.0.deb using dpkg, verified the jar in /usr/share/graylog-server/plugin/graylog-plugin-auth-sso-2.5.0.jar
configured the settings in System / Authentication / Single Sign-on (SSO)
pushed "Save SSO Settings"
Error message "Unable to update SSO authenticator config
Updating SSO config failed: CSRF protection header is missing. Please add a "X-Requested-By" header to your request."
Environment
Graylog Version: v2.5.1+34194da
Plugin Version: 2.5.0
Operating System: Ubuntu 16.04
Browser version: happens both in Chrome and Firefox
Problem description
Can't apply SSO settings due to CSRF protection, header "X-Requested-By" is missing. I have Nginx doing HTTPS termination and proxying to Graylog as with instructions in "REST API and Web Interface on one port (using HTTPS/SSL):" http://docs.graylog.org/en/2.5/pages/configuration/web_interface.html
Note warning in http://docs.graylog.org/en/2.5/pages/configuration/rest_api.html
Steps to reproduce the problem
Environment