TechQA.

Why am I getting a CSRF 403 from OAuth2 Proxy when running on GKE but not locally?

7.3k views Asked by At

I have a simple setup that is using OAuth2 Proxy to handle authentication. It works fine locally using minikube but when I try to use GKE when the oauth callback happens I get a 403 status and the the following message...

Login Failed: Unable to find a valid CSRF token. Please try again.

The offending url is http://ourdomain.co/oauth2/callback?code=J_6ao0AxSBRn4bwr&state=r_aFqM9wsSpPvyKyyzE_nagGnpNKUp1pLyZafOEO0go%3A%2Fip

What should be configured differently to avoid the CSRF error?

kubernetes oauth google-kubernetes-engine openid-connect oauth2-proxy
Original Q&A
1

There are 1 answers

1
Jackie On BEST ANSWER

In my case it was because I needed to set the cookie to secure = false. Apparently I could still have secure true no problem with http and an IP but once I uploaded with a domain it failed.

Related Questions in KUBERNETES

Related Questions in OAUTH

Related Questions in GOOGLE-KUBERNETES-ENGINE

Related Questions in OPENID-CONNECT

Related Questions in OAUTH2-PROXY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions