Fresh install of alfresco: CSRF problem

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Active Member

Fresh install of alfresco: CSRF problem

Hi,

I'm trying to setup an alfresco on docker. All components seems to work. I have followed this compose file:
https://github.com/Alfresco/acs-community-deployment/blob/master/docker-compose/docker-compose.yml

And I used this project to add volumes informations https://github.com/Alfresco/alfresco-docker-installer

In front of this stack, I have setup a haproxy which is listening on HTTPS and serve the certificate. If I try to log in using the public url, I am redirected to an error. In the logs of alfresco-share I can see a CSRF problem:

2020-04-01 22:50:38,427  ERROR [alfresco.web.site] [http-nio-8080-exec-4] javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://xxxxx/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://xxxxxx/share/page/' vs server & context: http://xxxx/ (string) or  (regexp)

If I try to log in directly on the tomcat, no problem.

How could I add a HTTPS connector to the share container ? The tomcat on share container is listening on HTTP/8080.
I can't find any configuration for docker over the internet.

My config:

share:
    image: alfresco/alfresco-share:6.2.0
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 1024M
        reservations:
          cpus: '0.5'
          memory: 1024M 
    environment:
      REPO_HOST: "alfresco"
      REPO_PORT: "8080"
      JAVA_OPTS: "
        -Xms896m
        -Xmx896m
        -Dalfresco.host=localhost
        -Dalfresco.port=8080
        -Dalfresco.context=alfresco
        -Dalfresco.protocol=http"
    ports:
      - 8080:8080
    volumes:
      - /data/logs/share:/usr/local/tomcat/logs

Thanks for your help.

4 Replies
Highlighted
Established Member II

Re: Fresh install of alfresco: CSRF problem

Check this dockerfile to know how alfresco docker installer deals with share https. 

Highlighted
Established Member II

Re: Fresh install of alfresco: CSRF problem

Check this dockerfile to know how alfresco docker installer deals with https

Highlighted

Re: Fresh install of alfresco: CSRF problem

You can generate an SSL HTTP Web Proxy with https://github.com/Alfresco/alfresco-docker-installer

Why don't you try that and compare it with your configuration?

Software Engineer in Alfresco Search Team.
Highlighted
Active Member

found tRe: Fresh install of alfresco: CSRF problem

@angelborroy , no need to generate a new web-proxy on the docker if I already have one with ssl terminaison in a DMZ network.

I'd like to secure all communications betweend networks with SSL, but I can't find anyting how to enable an HTTPS connector on the share module with docker. I have done this manually for my first install (generate a keystore and add a new connector to tomcat). But how should I do this with docker ??

Found how to activate CSRF with docker:

 share:
    image: alfresco/alfresco-share:6.2.0
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 1024M
        reservations:
          cpus: '0.5'
          memory: 1024M 
    environment:
      CSRF_FILTER_REFERER: "https://your.domain.com/.*"
      CSRF_FILTER_ORIGIN: "https://your.domain.com"
      REPO_HOST: "alfresco"
      REPO_PORT: "8080"
      JAVA_OPTS: "
        -Xms896m
        -Xmx896m
        -Dalfresco.host=localhost
        -Dalfresco.port=8080
        -Dalfresco.context=alfresco
        -Dalfresco.protocol=http"
    ports:
      - 8080:8080
    volumes:
      - /data/logs/share:/usr/local/tomcat/logs

Automatically there is a script in te share image that verify one of these two variables exists and do the replacement in the correctfile before starting the share module. I've put the two values car it is not working with juste one filled.