Closed mdekstrand closed 2 weeks ago
I'm not sure if Wireshark is the right tool here, you want to check what the header values are when Apache proxies the request to linkding. Looking at the error message something seems to go wrong there. As an alternative, consider configuring https://github.com/sissbruecker/linkding/blob/master/docs/Options.md#ld_csrf_trusted_origins
I'm setting trusted origins as a workaround, but the wireshark
log is on the loopback interface, capturing exactly what Apache is sending to Linkding (it was the easiest way I could find to capture that without trying to set up additional proxies).
I am attempting to run Linkding behind an Apache reverse proxy, and it the CSRF check is failing:
I have read #340. Using wireshark (termshark/tshark), I have confirmed that both
Host
andOrigin
seem to be set correctly in the request to Linkding: