Hello,
I have a question regarding the implementation of the reverse proxy on the new Angular Api portal.
Question:
How to configure the Api portal for reverse proxy. We get an error "Missing XSFR token" in the headers of POST/PUT requests.
Use case:
The client implemented a reverse proxy for security reasons.
Current problem:
The reverse proxy works, the end user is able to access the portal via reverse proxy. The problem occurs when the user requests a POST/PUT request to the DB. We get an error "Missing XSFR token in the header". We understand the importance of this tokens so we do not want to disable them in the Administration portal. I found the option ServerLevelConfig/XsrfProtectionDisabledMethods to allow POST/PUT requests to not need the XSFR token, but this would aswell post a security risk.
Current configurations of the Api portal:
We modified the following configurations in the Administration portal: ServerLevelConfig/RunReverseProxyMode (we enabled it) and ServerLevelConfig/AllowedReverseProxies (we added IP addresses of the reverse proxy and the DNS).
Any additional help would be appreciated,
Have a nice day,
Zan
