Error: Origin does not correspond to request

Problem

When trying to load a CustomerID page, the error message "Origin does not correspond to request" is displayed.

Solution

To prevent CSRF attacks on Wicket components, a check is performed using the Origin and Referer HTTP headers for cross-domain requests.

When the Origin or Referer HTTP header is present, a proxy needs to be configured so that the header matches the requested URL; otherwise an HTTP error (400 BAD REQUEST) will be thrown. The following link describes what is needed to configure the proxy: https://ci.apache.org/projects/wicket/apidocs/6.x/org/apache/wicket/protocol/http/CsrfPreventionRequestCycleListener.html


Adjust the setting general.accepted.origin.whitelist in eidm2.properties to allow certain hosts, e.g.:

general.accepted.origin.whitelist = example.com, example.org
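
A simplified model of the check described above, added here as an example to show why a proxy triggers the error and what the whitelist changes; it is not Wicket's or CustomerID's code. The host names and the internal URL are constructed, and the subdomain matching of whitelist entries and the rejection of unparseable origins are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """Reduce a URL or Origin value to (scheme, host, port); None if unusable."""
    if not url or url == "null":
        return None
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:              # malformed port or host
        return None
    if not parts.scheme or not parts.hostname:
        return None
    scheme = parts.scheme.lower()
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS.get(scheme))

def parse_whitelist(value):
    """Split the comma-separated property value into lowercase host names."""
    return [h.strip().lower() for h in value.split(",") if h.strip()]

def check_origin(request_url, headers, whitelist):
    """Return 'not-checked', 'whitelisted', 'match' or 'reject' (HTTP 400)."""
    source = headers.get("Origin") or headers.get("Referer")
    if source is None:
        return "not-checked"        # the page: check applies when a header is present
    sent = origin_of(source)
    if sent is None:
        return "reject"             # assumption: an unparseable origin is refused
    host = sent[1]
    # Assumption: a whitelist entry accepts that host and its subdomains.
    if any(host == w or host.endswith("." + w) for w in whitelist):
        return "whitelisted"
    # Otherwise scheme, host and port must equal those of the URL the app sees.
    return "match" if sent == origin_of(request_url) else "reject"

# Constructed sample: the proxy forwards to an internal URL, while the
# browser sends the public origin it actually loaded the page from.
SEEN_BY_APP = "http://app-internal:8080/customerid/page"
BROWSER = {"Origin": "https://portal.example.com"}

if __name__ == "__main__":
    print(check_origin(SEEN_BY_APP, BROWSER, []))
    print(check_origin(SEEN_BY_APP, BROWSER,
                       parse_whitelist("example.com, example.org")))
```

Keep the whitelist to hosts you control, since every entry is an origin exempted from the CSRF check.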