Safari/Firefox log in issue - Access is denied. Invalid CSRF token

Senevi Herath

Apr 17, 2025, 12:39:38 PM
to dspac...@googlegroups.com
Hi all,

I have a fresh DSpace 8.1 installation with Shibboleth login configured. Login works with the Chrome browser but not with Safari and Firefox. To get it working on Safari, "Prevent cross-site tracking" has to be unchecked. For Firefox, the backend URL has to be added to the browser security/privacy settings to allow cookies and site data. This is an inconvenience for the end users.

I am using two VMs, one for the frontend and the other for the backend. SSL has been configured for both. Nodejs on angular frontend running on http://localhost:4000, SSL with Nginx and tomcat on backend on http://localhost:8080/server, SSL with Apache.

I have tested with the following config in local.cfg:

rest.cors.allowed-origins = ${dspace.ui.url}, http://localhost:4000
proxies.trusted.ipranges = 127.0.0.1,  real IP

But it didn't work.

Is this behaviour unusual?

How can this be rectified?

Regards
Senevi Herath


DSpace Technical Support

Apr 21, 2025, 11:17:28 AM
to DSpace Technical Support
Hi Senevi,

In the Shibboleth documentation, there's a yellow note near the end of this section: https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-DSpaceShibbolethConfigurationOptions It says "Having issues getting Safari working?". The solution listed there is to add the Shibboleth IP to your "rest.cors.allowed-origins" configuration.

Tim

Senevi Herath

Apr 25, 2025, 9:47:42 PM
to DSpace Technical Support
Hi Tim,

Thank you for your reply. I have tested it by including the IDP URL, but it didn't help.

Not only for Shibboleth login but also for the normal built-in login as well as ORCID login, the situation is the same.

When you have separate VMs for the front-end and the API backend, both have to have reverse HTTPS proxies, which results in a CORS issue. If I run them on the same VM, it might not give such an issue.

BR.
Senevi



