I have difficulties setting the CSRF policy to work with the admin console (for example, the workflow console when typing "help"). I first encountered this problem with Share and found out in the documentation that I had to modify the share-config-custom.xml file. I made the change and it's working perfectly.
But now, I tried to use any of the "admin console" pages (/alfresco/s/admin/admin-workflowconsole), and I get the same issue. I looked in the forum and found this topic, "Workflow admin console doesn't work: Possible CSRF attack noted", which seems too old to be relevant as things should have been patched. I'm using Alfresco free community edition 6.6.
Possible CSRF attack noted when asserting referer header 'https://XXXX/alfresco/s/admin/admin-workflowconsole'. Request: POST /alfresco/s/admin/admin-workflowconsole, FAILED TEST: Assert referer POST /alfresco/s/admin/admin-workflowconsole :: referer: 'https://XXXX/alfresco/s/admin/admin-workflowconsole' vs server & context: http://YYYY:8080/ (string) or (regexp)
The "YYYY" server & context is certainly based on the "hostname" value on CentOS, which I cannot change, but I'm using an Apache in front of the Tomcat to manage the requests and redirect from a specific DNS "XXXX".
I tried to add some filters in the xml such as
But I don't think I got how it works...
Could you give me some hints, please?
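
Added example, not part of the original post and not Alfresco's code: a simplified model of the referer assertion as the log line above describes it (the Referer is compared with the server & context string, or with a regexp), showing why the request that arrives through the Apache front end fails and how tightly a regexp for the public host needs to be written. The matching rules are an assumption read off the log message, and the lookalike host is constructed.

```python
import re

# Values copied from the log line in the post (XXXX / YYYY are the poster's placeholders).
REFERER = "https://XXXX/alfresco/s/admin/admin-workflowconsole"
SERVER_CONTEXT = "http://YYYY:8080/"


def assert_referer(referer, server_context, allowed_regex=None):
    """Simplified model of the check the log describes: accept the referer if it
    starts with the server & context string, or matches the configured regexp
    in full. An empty or missing referer is rejected."""
    if not referer:
        return False
    if referer.startswith(server_context):
        return True
    if allowed_regex:
        return re.fullmatch(allowed_regex, referer) is not None
    return False


def evaluate():
    # Constructed referer from a different host whose name merely begins with XXXX.
    lookalike = "https://XXXX.example.net/page"
    loose = r"https://XXXX.*"    # no "/" after the host: also matches lookalikes
    strict = r"https://XXXX/.*"  # host must end where the path begins
    # With a real hostname, escape its dots (re.escape) before building the pattern.
    return {
        # The situation in the post: no regexp, referer is the public proxy URL.
        "no_regexp": assert_referer(REFERER, SERVER_CONTEXT),
        # Same request once a strict pattern for the public host is allowed.
        "strict_proxy": assert_referer(REFERER, SERVER_CONTEXT, strict),
        "strict_lookalike": assert_referer(lookalike, SERVER_CONTEXT, strict),
        "loose_lookalike": assert_referer(lookalike, SERVER_CONTEXT, loose),
        # A request made directly against Tomcat still matches the string form.
        "direct_tomcat": assert_referer(SERVER_CONTEXT + "alfresco/s/admin", SERVER_CONTEXT),
    }


if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:18} {'pass' if ok else 'FAILED TEST'}")
```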