For being able to use LetsEncrypt certificates, I’m running Caddy as a reverse proxy in front of apache2 as the setup for DNS challenge is easy with Caddy.
I get a basic OOD installation running without problems. I only had to put OIDCXForwardedHeaders: "X-Forwarded-Host X-Forwarded-Proto" into oidc_settings of ood_portal.yml.j2.
However, when trying to launch a Jupyter app, I see the following error in my logs:
ActionController::InvalidAuthenticityToken (HTTP Origin header (https://ondemand.myorg.de) didn't match request.base_url (http://ondemand.myorg.de)):
I assume that this is the first time I do a true HTTP POST and this is where a CSRF protection kicks in…
Is there a way to make it known to PUN that it’s OK to allow http__S__://ondemand.myorg.de as well?