
Troubleshooting CSRF Errors

With some proxy setups, you might run into CSRF errors when attempting to create/save objects in authentik. This is usually caused by either the Origin or Host header being incorrect.

Open the system info API endpoint of your authentik instance by going to https://authentik.company/api/v3/admin/system/. Take note of the value of HTTP_HOST: it must match the domain you're accessing authentik at, and it must not include any port numbers.

Then open the browser's developer tools, switch to the Network tab, and submit a POST request by updating or creating an object. Open the POST request and look at the request headers. Make sure the value of Origin matches your authentik domain, without any ports.
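
Both checks can be scripted once the two values have been copied out of the system info endpoint and the Network tab. The following is an added example, not part of authentik or its documentation; the function names and the sample header values are constructed for illustration.

```python
from urllib.parse import urlsplit


def _host_and_port(netloc):
    """Split 'host[:port]' into (lowercased host, port or None)."""
    parts = urlsplit("//" + netloc.strip())
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port: report it as written
        port = netloc.rsplit(":", 1)[-1]
    return (parts.hostname or ""), port


def check_csrf_headers(expected_domain, http_host, origin):
    """Return a list of problems; an empty list means both values pass."""
    expected = expected_domain.strip().lower()
    problems = []

    # HTTP_HOST as reported by /api/v3/admin/system/
    host, port = _host_and_port(http_host)
    if port is not None:
        problems.append(f"HTTP_HOST {http_host!r} includes port {port}")
    if host != expected:
        problems.append(f"HTTP_HOST {http_host!r} does not match {expected!r}")

    # Origin request header copied from the POST request in the Network tab
    origin_parts = urlsplit(origin.strip())
    if not origin_parts.scheme or not origin_parts.netloc:
        problems.append(f"Origin {origin!r} is not a scheme://host value")
        return problems
    o_host, o_port = _host_and_port(origin_parts.netloc)
    if o_port is not None:
        problems.append(f"Origin {origin!r} includes port {o_port}")
    if o_host != expected:
        problems.append(f"Origin {origin!r} does not match {expected!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample values: (HTTP_HOST, Origin) pairs as a proxy might pass them
    samples = [
        ("authentik.company", "https://authentik.company"),       # correct
        ("authentik.company:9443", "https://authentik.company"),  # proxy kept the port
        ("authentik-server", "https://authentik.company"),        # proxy rewrote Host
    ]
    for http_host, origin in samples:
        result = check_csrf_headers("authentik.company", http_host, origin)
        print(http_host, origin, result or "OK")
```

An empty result means the values satisfy both checks; any message names the header that the proxy configuration needs to forward unchanged.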