July 22, 2019

Alfresco tips and tricks – #13 CSRF Filter error on Share login with Apache mod_proxy and SSLEngine on

Starting from Alfresco 4.1, a CSRF filter has been added to Share in order to prevent Cross-Site Request Forgery attacks. When you configure a web server in front of Share to serve virtual hosts through HTTPS, a CSRF error could occur. To run the CSRF Token Filter behind a web server Apache with mod_proxy and SSLEngine you may need to update the Origin and Referer headers in the CSRF Token Filter. In this article I show two possible solutions.

Apache SSL VirtualHost

CSRF possible error when you login to Share

SOLUTION 1 – Set the Referer and Origin in the CSRF Token Filter

Step1. Copy the “CSRFPolicy” default config from:

Step 2. Add the attribute replace=”true” like below

Step 3. Update the properties referer e origin with the FQDN (https) of the Apache VirtualHost

SOLUTION 2 – Disable the CSRF Token Filter

Uncomment the “CSRFPolicy” config in:


  1. Sergio

    Hello Giuseppe,

    it works like a charm. I knew of the reasons for this issue to happen, but wasn’t sure of how to fix it.



Leave a Reply

Your email address will not be published.