Background
This issue was related to a problem that was discovered while working on upgrading AAP on Azure to 2.5. When setting up a vanity domain, that vanity domain needs to be added to the CSRF Trusted Origins list, and it should be possible to do this through the setting in the System Settings. This was similar to a step that needed to be done for 2.4. Currently, adding the vanity domain to the setting within the UI does not seem to work, and the vanity domain continues to see 'CSRF verification failed' errors.
It was mentioned in this Slack thread that it seemed that it was not currently exposed as a gateway setting.
However, in further discussions with the platform gateway team, it looks like this was a design choice for the gateway and the operator since the operator manages CSRF settings for OpenShift automatically when external ingress is not used. In cases where external ingress is used, CSRF values can be set directly on the ingress. AAP-41175 was created to document that difference.
In later discussions, the missing CSRF settings appear to apply to VM-based installations as well. In those cases, there is no way to set those values other than editing the settings.py file directly.
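The following is an added illustration, not code from AAP or the platform gateway: a simplified stand-alone model of the Origin check that Django's CSRF middleware performs against a trusted-origins list, showing why a vanity domain is rejected until it is listed. It assumes the gateway relies on Django's CSRF middleware and that the backend sees an internal host name; the host names and the function names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not taken from any real deployment).
VANITY_ORIGIN = "https://aap.example.com"   # what the browser sends as Origin
BACKEND_HOST = "gateway.internal.example"   # Host the backend sees behind the front end


def is_same_domain(host, pattern):
    """Exact match, or subdomain match when the pattern starts with a dot."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def origin_verified(origin, request_host, is_secure, trusted_origins):
    """Simplified model of the Origin header check for unsafe requests."""
    scheme = "https" if is_secure else "http"
    # 1. Same-origin request: Origin equals scheme://host as seen by the backend.
    if origin == f"{scheme}://{request_host}":
        return True
    # 2. Exact entry in the trusted list (entries must include the scheme).
    if origin in (t for t in trusted_origins if "*" not in t):
        return True
    # 3. Wildcard entry such as https://*.example.com (scheme must match too).
    try:
        parsed = urlsplit(origin)
    except ValueError:
        return False
    for entry in trusted_origins:
        if "*" not in entry:
            continue
        trusted = urlsplit(entry)
        if trusted.scheme == parsed.scheme and is_same_domain(
            parsed.netloc.lower(), trusted.netloc.lstrip("*")
        ):
            return True
    return False


if __name__ == "__main__":
    for trusted in ([], ["aap.example.com"], ["https://aap.example.com"]):
        ok = origin_verified(VANITY_ORIGIN, BACKEND_HOST, True, trusted)
        print(f"{trusted!r}: {'accepted' if ok else 'CSRF verification failed'}")
```

In this model an entry without a scheme never matches, so a trusted-origins value entered as a bare host name leaves the vanity domain rejected.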
Request
- CSRF settings are exposed as a user-configurable setting for the platform gateway.
- VM installations should be able to set this value at any time.
- Operator installations should be able to override CR values with a user-defined value.
- UI confusion that is created by controller settings being called "system settings" in the gateway is addressed.
- is cloned by: AAPRFE-2084 AAP 2.5 Platform CSRF Trusted Origins List Setting for vanity domains (Closed)