Possible cross-site request forgery RT5

Hi all,

My RT’s site is 443, but I kept getting this error in some tabs. I looked through the past discussions but didn’t find any solutions. Currently running RT 5.0.3 - Ubuntu 22.04 LTS

"RT has detected a possible cross-site request forgery for this request, because the Referrer header supplied by your browser (example.com:443) is not allowed by RT’s configured hostname (example:80). A malicious attacker may be trying to modify RT’s configuration on your behalf. If you did not initiate this request, you should alert your security team."

Here is my RT_SiteConfig.pm file:
Set($WebDomain, 'example.com');
Set($WebPort, '443');
Set($WebBaseURL, 'https://example.com');
Set($CanonicalizeRedirectURLs, 1);

I tried: Set(@ReferrerWhitelist, ('localhost:80','127.0.0.1:80'));
and Set($WebDomain, '12.123.0.123');

You should have port set to 443 and example.com should be whichever domain you’re using.

Hi. How do I do that?

In your config where you showed those values above.

You may have to adjust the Apache Virtual Host Config and specify the port there, e.g. as follows:
<VirtualHost *:443>

A general example + further information can be found at
https://docs.bestpractical.com/rt/5.0.3/web_deployment.html

Hi plast, and knation,

Here is my RT_SiteConfig.pm:

I’m still getting the Cross-site message when trying to create a new user or some other tabs.

I found the solution,

I created a new virtual host *:80 in my rt5.conf file in Apache, and added:
ServerName example.com
ServerAlias X.X.X.X
Redirect permanent / https://example.com/
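
The host:port comparison that the error message in the first post reports, as an added example (not RT's own code and not posted by anyone in this thread). It is a simplified Python model that assumes an exact, case-insensitive host:port match against the configured value or a whitelist entry; the function names and sample URLs are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def host_port(url):
    """Return 'host:port' for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:  # non-numeric or out-of-range port
        return None
    return f"{parts.hostname.lower()}:{port}"

def referer_allowed(referer, configured, whitelist=()):
    """Simplified model: (allowed, host:port seen in the Referer header).

    configured -- the host:port the application believes it is served on
    whitelist  -- extra host:port strings, as in the @ReferrerWhitelist attempt
    """
    seen = host_port(referer) if referer else None
    if seen is None:
        return False, None  # missing or unparsable header is not trusted
    allowed = {configured.lower()} | {entry.lower() for entry in whitelist}
    return seen in allowed, seen

# Constructed cases mirroring the thread (URLs are placeholders).
CASES = [
    # Browser on HTTPS, app still thinks it is example:80, whitelist as tried above
    ("https://example.com/page", "example:80", ["localhost:80", "127.0.0.1:80"]),
    # Same request once the configured host:port matches the public URL
    ("https://example.com/page", "example.com:443", []),
    # Page loaded over plain HTTP: the browser reports port 80
    ("http://example.com/page", "example.com:443", []),
]

if __name__ == "__main__":
    for referer, configured, whitelist in CASES:
        ok, seen = referer_allowed(referer, configured, whitelist)
        verdict = "allowed" if ok else "rejected"
        print(f"{seen!s:<18} vs configured {configured:<16} -> {verdict}")
```

The first case shows why whitelisting localhost:80 and 127.0.0.1:80 changes nothing: the browser reports example.com:443, which matches neither entry nor the configured example:80.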