  1. Nuxeo Platform
  2. NXP-25458

Edge / IE11 bad CSRF behavior

      Description

      Edge and IE11 do not send the Origin header on FORM POST, preventing Nuxeo from being connected with Azure SAML (and maybe other bad behavior).

      The issue is known and confirmed:
      https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/10482384/

      As we cannot rely on Microsoft's ability to fix their issue, we need to provide a workaround.

      The Referer header is sent, so in the case of those agents and no Origin header, we could base our decision on the Referer header.

        Attachments

        1. cors.png
          46 kB
          Rémi Cattiau
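
The workaround proposed in the description, sketched as an added example (not Nuxeo's code or the eventual fix): when Origin is absent and the User-Agent is legacy Edge or IE11, the source origin is derived from Referer and compared against an allow-list. The class and method names, the allow-list, the placeholder hosts and the fail-closed default for other agents are assumptions.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class OriginFallbackCheck {
    // Reduce a URL to scheme://host[:port]; null if it has no scheme or host.
    static String originOf(String url) {
        try {
            URI u = URI.create(url.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase(Locale.ROOT);
            int port = u.getPort();
            boolean dflt = port == -1 || (scheme.equals("https") && port == 443)
                    || (scheme.equals("http") && port == 80);
            return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + (dflt ? "" : ":" + port);
        } catch (IllegalArgumentException e) {
            return null; // unparsable header value
        }
    }

    // Legacy Edge puts "Edge/<version>" and IE11 puts "Trident/7.0" in User-Agent.
    static boolean isEdgeOrIe11(String ua) {
        return ua != null && (ua.contains("Edge/") || ua.contains("Trident/7.0"));
    }

    // headers: request headers keyed by lower-cased name.
    static boolean isAllowed(Map<String, String> headers, Set<String> allowedOrigins) {
        String source = headers.get("origin");
        if (source == null || source.isEmpty()) {
            // Fallback only for the affected agents; anything else fails closed (assumption).
            if (!isEdgeOrIe11(headers.get("user-agent"))) return false;
            source = headers.get("referer");
        }
        // Exact match on the parsed origin, never a prefix or substring test on the raw header.
        String origin = source == null ? null : originOf(source);
        return origin != null && allowedOrigins.contains(origin);
    }

    public static void main(String[] args) {
        // Constructed sample values: placeholder hosts and a shortened User-Agent string.
        Set<String> allowed = Set.of("https://nuxeo.example.com", "https://idp.example.com");
        String ie11 = "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko";
        System.out.println(isAllowed(Map.of("user-agent", ie11,
                "referer", "https://idp.example.com/saml2/login?x=1"), allowed)); // IdP POST via IE11
        System.out.println(isAllowed(Map.of("user-agent", ie11,
                "referer", "https://idp.example.com.other.example/"), allowed));  // look-alike host
        System.out.println(isAllowed(Map.of("user-agent", ie11), allowed));        // neither header
    }
}
```

The User-Agent test only limits where the fallback applies; the allow-list comparison on the parsed origin is what makes the decision.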
