Closed ElvenSpellmaker closed 6 years ago
Just for clarification, so anyone else is clear on the workaround (I believe it's a workaround and not the fix) for this: this is because TeamCity 2017.1.1 adds a CSRF Protection feature which checks origins of requests to their REST API (and other endpoints).
I started by doing a Google search for "teamcity add cors host" and the third result down (it links to TCD9 but there's a link to 10 from the page): https://confluence.jetbrains.com/display/TCD10/CSRF+Protection
By reading https://confluence.jetbrains.com/display/TCD10/REST+API#RESTAPI-CORSSupport I found out that I need to add https://login.microsoftonline.com to the CORS list in the internal properties.
These can be edited in the UI as described here: https://confluence.jetbrains.com/display/TCD10/Configuring+TeamCity+Server+Startup+Properties#ConfiguringTeamCityServerStartupProperties-TeamCityinternalproperties
Lifesaver ^
I added this as shown below:
rest.cors.origins=https://login.microsoftonline.com
This is hopefully patched in 2017.1.2 as described here: https://youtrack.jetbrains.com/issue/TW-49729
I had a nearly identical problem: Azure was sending "Origin: null" (literally 'null') and got the same error but
403 Forbidden: Responding with 403 status code due to failed CSRF check: request's "Origin" header value "null" does not match Host/X-Forwarded-Host header values or server's CORS-trusted hosts,
The first suggestion didn't work. On a wild whim I took a stab and guessed "originS" meant more than one, and guessed comma separated.
rest.cors.origins=null,https://login.microsoftonline.com
Bingo, worked!
Modern browsers could set the Origin: null header while replying from the HTTPS Azure endpoint to the HTTP URL of the TeamCity server. See more details at https://github.com/JetBrains/teamcity-azure-active-directory#known-issues
Please let me know if you are using TeamCity 2017.1.2+ with an HTTPS URL and still need to specify the rest.cors.origins=null property in your setup.
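Added example (not part of the thread and not TeamCity's code): a simplified Python model of the rule quoted in the 403 message, run against both rest.cors.origins values from the comments above. It shows that a `null` entry matches every request whose Origin is the literal `null`, not only Azure AD's. The host name teamcity.example.com, the helper names and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_origins(prop_value):
    """Split a comma-separated rest.cors.origins value into a set of entries."""
    return {entry.strip() for entry in prop_value.split(",") if entry.strip()}

def passes_origin_check(origin, host, trusted, forwarded_host=None):
    """Simplified model (assumption) of the rule in the 403 message: the Origin
    must match Host/X-Forwarded-Host or be listed among the CORS-trusted origins."""
    if origin in trusted:
        return True
    origin_host = urlsplit(origin).netloc  # empty string for the literal "null"
    return bool(origin_host) and origin_host in (host, forwarded_host)

def entries_without_identity(trusted):
    """Entries that name no site: "null" is sent for every opaque origin,
    so listing it cannot single out Azure AD."""
    return sorted(e for e in trusted if e == "null")

# Constructed sample requests: (description, Origin header value)
SAMPLES = [
    ("Azure AD over HTTPS", "https://login.microsoftonline.com"),
    ("Azure AD replying to an HTTP TeamCity URL", "null"),
    ("unrelated page with an opaque origin", "null"),
    ("TeamCity's own UI", "https://teamcity.example.com"),
    ("unlisted site", "https://other.example.net"),
]

def evaluate(prop_value, host="teamcity.example.com"):
    """Return (description, passed) for each sample under the given property value."""
    trusted = parse_origins(prop_value)
    return [(desc, passes_origin_check(origin, host, trusted))
            for desc, origin in SAMPLES]

if __name__ == "__main__":
    for value in ("https://login.microsoftonline.com",
                  "null,https://login.microsoftonline.com"):
        print("rest.cors.origins=" + value)
        for desc, ok in evaluate(value):
            print("   ", "pass" if ok else "403 ", desc)
        print("    entries naming no site:",
              entries_without_identity(parse_origins(value)))
```

Under this model the two `null` requests are indistinguishable to the server, which is why serving TeamCity over HTTPS, as the linked known-issues note discusses, is preferable to keeping `null` in the list.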
We recently upgraded to TeamCity 2017.1.1, and when users try to use the AD to log in they get a message stating:
403 Forbidden: Responding with 403 status code due to failed CSRF check: request's "Origin" header value "https://login.microsoftonline.com" does not match Host/X-Forwarded-Host header values or server's CORS-trusted hosts, consider adding "Origin: https://myteamcityurl.com" header.
I can't see a place from the plug-in configuration to add this header and it worked in TC 10.0.5 perfectly fine.