I’ve installed Discourse, and generally everything is working fine. However, when I attempt to add my Yubikey as a security key, I keep getting this error:
The origin of the authentication request does not match the server origin.
I cannot find any particular configuration option that would fix this. I’ve tried configuring CORS, but it didn’t make any difference. How can I get it to work?
The hostname matches. The only thing is, the instance is behind an nginx proxy, so it may well be that the problem is here. However the proxy configuration is effectively SSL offload, so it’s a case of:
Web Browser → Nginx proxy (https) → Discourse (http)
So the connection between the browser and nginx is HTTPS, but between the proxy and discourse it’s on port 80.
I did just enable CORS on my lab machine that I had setup, as I also had the problem here, but it wasn’t until I did full HTTPS with CORS that I could register my Yubikey. Force SSL was also enabled as well.
I did put both http and https in the COR config in discourse for the one behind the proxy, but it didn’t make any difference. So I think it’s potentially down to the nginx proxy config, or I may need to move it from proxying between 443 and port 80, to proxy to port 443 on discourse instead.
We’ve also got such a report. Also using a TLS terminating nginx reverse proxy in from of discourse. The error message doesn’t help to figure out what needs to change in the server configuration.