From cadb710c38e21af420b727833a8702d21b1a9994 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 2 Feb 2023 11:09:00 +0100
Subject: [PATCH] website/docs: add troubleshooting for CSRF

Signed-off-by: Jens Langhammer
---
 website/docs/troubleshooting/csrf.md | 9 +++++++++
 website/sidebars.js | 1 +
 2 files changed, 10 insertions(+)
 create mode 100644 website/docs/troubleshooting/csrf.md

diff --git a/website/docs/troubleshooting/csrf.md b/website/docs/troubleshooting/csrf.md
new file mode 100644
index 0000000000..1df6261395
--- /dev/null
+++ b/website/docs/troubleshooting/csrf.md
@@ -0,0 +1,9 @@
+---
+title: Troubleshooting CSRF Errors
+---
+
+With some proxy setups, you might run into CSRF errors when attempting to create/save objects in authentik. This is usually caused by either the _Origin_ or _Host_ header being incorrect.
+
+Open the system info API endpoint of your authentik instance by going to *https://authentik.company/api/v3/admin/system/*. Take note of the value of _HTTP_HOST_, make sure it matches the domain you're accessing authentik at, and make sure it does _not_ include any port numbers.
+
+When submitting a POST request by updating/creating an object, open the browser's developer tools and check the _Network_ tab. Open the POST request and look at the request headers. Make sure the value of _Origin_ matches your authentik domain, without any ports.
diff --git a/website/sidebars.js b/website/sidebars.js
index 8f3bb3d77b..19be752649 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -280,6 +280,7 @@ module.exports = {
 },
 },
 "troubleshooting/access",
+ "troubleshooting/csrf",
 "troubleshooting/emails",
 "troubleshooting/login",
 "troubleshooting/image_upload",