I have a Bamboo 6.10.3 server installed with XSRF protection enabled, sitting behind Apache proxy. Everything works fine untill I add the header below to vhost config file
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
It would not allow me do add users to groups and when I choose to log our I am getting this error
XSRF token validation failed
Unable to access this resource due to a failed XSRF check. Please ensure that a valid XSRF token is provided in the request.
Error code: XSRF_FAILURE_BAD_TOKEN
My connector looks like this
<Connector port="8085"
protocol="HTTP/1.1"
connectionTimeout="20000"
useBodyEncodingForURI="true"
redirectPort="443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
secure="true"
scheme="https"
proxyName="bamboo.domain.com"
proxyPort="443" />
And this is my apache proxy configuration
ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine On
ProxyPass / http://localhost:8085/ connectiontimeout=5 timeout=300
ProxyPassReverse / http://localhost:8085/
been following this howto
https://confluence.atlassian.com/bamboo/securing-bamboo-with-apache-using-ssl-391087437.html
Similar apache config files work with Bitbucket, Jira, Confluence without a problem
