Possible cross-site request forgery with IP address

steve_linn · January 10, 2019, 4:38pm

RT has detected a possible cross-site request forgery for this request, because the Referrer header supplied by your browser (10.x.x.x:80) is not allowed by RT’s configured hostname (127.0.0.1:80) or whitelisted hosts (localhost:80,10.x.x.x:80). A malicious attacker may be trying to perform actions on your behalf. If you did not initiate this request, then you should alert your security team.

I added the following:
Set(@ReferrerWhitelist,qw(localhost:80,10.x.x.x:80));

To this file:
opt/rt4/etc/RT_SiteConfig.pm

I also tried this one:
Set(@ReferrerWhitelist,qw(localhost:80,127.0.0.1:80));

I rebooted the server

I also tried adding both of them at the same time

None of these solved my issue

Any suggestions?
Thank you!

Jeff_Voskamp · January 10, 2019, 4:58pm

if you’re using qw then you should be separating things with spaces.
I.e. both of these are valid:
Set(@ReferrerWhitelist,qw(localhost:80 127.0.0.1:80));
Set(@ReferrerWhitelist,(‘localhost:80’,‘127.0.0.1:80’));

steve_linn · January 10, 2019, 5:45pm

thank you for the easy fix

ROKOR · April 30, 2021, 1:08am

hi bro,

im facing the same issue, kindly request your help

Trasyn · May 7, 2021, 9:02am

Try this - Set( $WebDomain, ‘IP_Address’ );

This worked for me : Possible cross-site request forgery - How to fix? - #3 by craig

Omantel_Ohi · August 18, 2021, 4:16pm

Thank you dear. It works.!!