RT has detected a possible cross-site request forgery for this request, because the Referrer header supplied by your browser (domain.com:443) is not allowed by RT’s configured hostname (domain.com:80). A malicious attacker may be trying to modify RT’s configuration on your behalf. If you did not initiate this request, then you should alert your security team.
I have tried setting Set( $WebPort, '443' ); and Set( $WebPort, '80' ); but I still get the same warning above.
I’ve tried adding this line, as well as Set(ReferrerWhitelist,qw(localhost:80,127.0.0.1:80)); to the /etc/rt4/etc/RT_SiteConfig.pm file, to no avail. Is this the correct file?
I’m having this same issue. I installed the site HTTP and installed a cert and it is now HTTPS, but I keep getting the forgery notice that is wanting to take it HTTP.
I tried the whitelist setting; I’ve tried everything I found on Google with no success.
I realized I was not pushing the right RT config file, so my web server was running on 443 but RT did not have the new config with the accepted ports. Running it through docker-compose. Thank you for the help!
I worked out a fix to this issue by adding the below line to the file /etc/rt4/etc/RT_SiteConfig.pm (location may vary depending on your installed version); for me it was opt/rt5/etc/RT_SiteConfig.pm
mjohnston’s answer (Sep 2021) probably has a stray comma after the first “80”. Lists in qw() are separated by spaces. Unless the code parsing this entry does a subsequent split on commas, the quoted code will treat “localhost:80,127.0.0.1:80” as a single address.
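The qw() behaviour described in the last reply, as an added example that is not part of any post in this thread and is not RT's own code. The helper referrer_allowed and its exact host:port comparison are assumptions made for illustration; RT's real matching logic is not reproduced here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# List as quoted in the thread: qw() splits on whitespace only, so the
# comma stays inside a single element.
my @with_comma = qw(localhost:80,127.0.0.1:80);

# Space-separated form: two separate host:port elements.
my @with_spaces = qw(localhost:80 127.0.0.1:80);

# Hypothetical stand-in for an allow-list check (assumption: exact,
# case-insensitive comparison of the Referer's host:port with each entry).
sub referrer_allowed {
    my ($host_port, @allowed) = @_;
    return scalar grep { lc($_) eq lc($host_port) } @allowed;
}

# Constructed sample Referer values, not taken from any real request.
my @sample_referers = qw(localhost:80 127.0.0.1:80 localhost:443);

for my $case ( [ 'comma', \@with_comma ], [ 'spaces', \@with_spaces ] ) {
    my ($label, $list) = @$case;

    # Show how many entries Perl actually produced for each spelling.
    printf "%-6s list has %d entr%s\n", $label, scalar @$list,
        @$list == 1 ? 'y' : 'ies';

    # Under the exact-match assumption, a fused "a:80,b:80" element can
    # never equal a single host:port taken from a Referer header.
    for my $referer (@sample_referers) {
        printf "  %-14s %s\n", $referer,
            referrer_allowed($referer, @$list) ? 'allowed' : 'rejected';
    }
}
```

With warnings enabled, Perl also reports "Possible attempt to separate words with commas" for the first list, so a syntax check of the config file with warnings on is a quick way to catch this mistake.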