[rt-users] Some users getting CSRF warnings when creating tickets?

Todd Wade waveright at gmail.com
Tue Sep 27 14:52:08 EDT 2016


On 9/27/16 9:17 AM, Alex Hall wrote:
> That makes me wonder: would having two subdomains do it? I have
> tickets.domain.com and rt.domain.com both going to the same thing,
> but rt.autodist.com is the actual domain in the configuration files.

Yes this would do it. There is a config option to allow you to bypass 
the CSRF warning for the additional domains:

https://docs.bestpractical.com/rt/4.4.1/RT_Config.html#ReferrerWhitelist




More information about the rt-users mailing list