[Openstack] Horizon - CSRF verification failed

Jagga Soorma jagga13 at gmail.com
Wed Apr 20 22:41:56 UTC 2016


Hey Guys,

So turns out that another internal website is creating a cookie with a
domain .xxx.com and our horizon instance creates a cookie with domain
yyy.xxx.com.  So, after a user logs into horizon and then maybe visits that
other internal site and comes back to log in to horizon they get the
forbidden 403 error.  The reason looks to be that the .xxx.com domain
cookie is probably getting matched instead of yyy.xxx.com.  Once I
remove the .xxx.com domain cookie I am able to get into horizon again.

Is this something that can be fixed by openstack to not match a wildcard
domain?  I am not sure how to fix this issue and can't really tell my user
to remove the .xxx.com cookie every time they run into this issue and can't
tell that site to create a proper cookie with fqdn domain.

Any help with this would be appreciated!

Thanks.

On Mon, Apr 18, 2016 at 5:48 PM, Jagga Soorma <jagga13 at gmail.com> wrote:

> Hi Guys,
>
> We have a new kilo based openstack environment with ssl enabled.  On most
> browsers when accessing the https link to horizon when users log in they get
> the following error:
>
> --
> Forbidden (403)
> CSRF verification failed. Request aborted.
> You are seeing this message because this site requires a CSRF cookie when
> submitting forms. This cookie is required for security reasons, to ensure
> that your browser is not being hijacked by third parties.
> If you have configured your browser to disable cookies, please re-enable
> them, at least for this site, or for 'same-origin' requests.
> --
>
> Is there something that can be done to permanently clear this up?  Either
> from the browser (besides removing the cookie each time) or from openstack
> itself?
>
> Thanks!
>
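
The cookie collision described in this message, as an added example that is not part of the original post or of Horizon's code: it applies RFC 6265 domain matching to a constructed cookie jar and shows which value a last-duplicate-wins parser sees. Assumptions: both sites use the same cookie name (Django's default `csrftoken`), the parent-domain cookie was created later, and `horizon_csrftoken` is a hypothetical replacement name.

```python
from http.cookies import SimpleCookie

def domain_match(host, cookie_domain, host_only):
    """RFC 6265 domain matching: does a stored cookie apply to this request host?"""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    if host_only:
        return host == cookie_domain
    return host == cookie_domain or host.endswith("." + cookie_domain)

def cookie_header(host, jar):
    """Build the Cookie header a browser would send; jar is in creation order."""
    # All cookies here use path "/", so RFC 6265 orders them by creation time.
    return "; ".join(f"{c['name']}={c['value']}" for c in jar
                     if domain_match(host, c["domain"], c["host_only"]))

def server_view(header):
    """Parse into a dict; a later duplicate name overwrites an earlier one (assumed server behaviour)."""
    parsed = SimpleCookie()
    parsed.load(header)
    return {name: morsel.value for name, morsel in parsed.items()}

# Constructed sample jar: Horizon's cookie first, then the other site's parent-domain cookie.
HORIZON = "yyy.xxx.com"
jar = [
    {"name": "csrftoken", "value": "horizon-token", "domain": "yyy.xxx.com", "host_only": True},
    {"name": "csrftoken", "value": "other-site-token", "domain": ".xxx.com", "host_only": False},
]

def collision():
    """Both cookies match yyy.xxx.com, so the server sees the other site's token."""
    return server_view(cookie_header(HORIZON, jar))

def with_distinct_name():
    """Same jar, but Horizon's cookie uses a unique name (Django setting CSRF_COOKIE_NAME)."""
    renamed = [dict(jar[0], name="horizon_csrftoken"), jar[1]]  # hypothetical name
    return server_view(cookie_header(HORIZON, renamed))

if __name__ == "__main__":
    print(cookie_header(HORIZON, jar))
    print(collision())
    print(with_distinct_name())
```

A cookie set with `Domain=.xxx.com` is sent to every subdomain, so the only side Horizon controls is its own cookie name; the same reasoning applies to the session cookie (`SESSION_COOKIE_NAME`).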