Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-25458

Edge / IE11 bad CSRF behavior

    Details

      Description

      Edge and IE11 does not send Origin header on FORM POST, preventing Nuxeo to be connected with Azure SAML ( and maybe other bad behavior )

      The issue is known and confirmed:
      https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/10482384/

      As we cannot rely on Microsoft ability to fix their issue, we need to provide a workaround

      The Headers sent are Referer, so we could in case of those agents and no Origin header based our decision on the Referer header

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour
                  1h

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.