Possible cross-site request forgery - How to fix?


#1

Hi There,

I’m getting this cross-site issue when navigating on RT, my server is on 192.168.4.27, can anyone help on how to fix this?

Regards,

Pipa

Possible cross-site request forgery

RT has detected a possible cross-site request forgery for this request, because the Referrer header supplied by your browser (192.168.4.27:80) is not allowed by RT’s configured hostname (127.0.0.1:80). A malicious attacker may be trying to modify RT’s configuration on your behalf. If you did not initiate this request, then you should alert your security team.


#2

As the message says the problem is in your configuration. Without knowing your configuration it’s hard to say much. As the error message says you have configured RT with hostname 127.0.0.1 (localhost) which seems not what you want…


#3

In your RT_SiteConfig.pm you should have:

Set( $WebDomain, '192.168.4.27' );

`


#4

That worked perfect!

Thanks Craig!