Using Grafana behind proxy with mod_auth_openidc auth causing piling up of state cookies and reaching server limit (400 Bad request)

Hi, I hit a quite common problem related to mod_auth_openidc. The issue is well described in "Bad Request due to state cookie are piling up and sending to server" on the mod_auth_openidc GitHub project.

In general, because of parallel requests, multiple state cookies are generated, which are then sent to the auth server. However, after some time their number will reach the server (proxy) limit, and the only way to recover is to delete some on the client side.

The case is quite well documented on the OpenIDC project too; however, it's quite hard to fix this issue using Apache/Grafana configuration.

The JavaScript files aren't in one simple place, so it couldn't simply be fixed by OIDCUnAuthAction 401, so the only thing left is a fix on the application side using

provide a X-Requested-With: XMLHttpRequest header in the Javascript call

as mentioned in the OpenIDC module wiki. However, I do not know if it's even possible, as I do not understand it correctly. Maybe you will know, or even find a way, how I can configure the server so that it will work?

Thank you for any hint.

More topics about the issue: !topic/mod_auth_openidc/D1dwqNqflVI and !topic/mod_auth_openidc/hRQfHTbbtFY

Try OIDCUnAuthAction 401 for /public/* and /api/*
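One way the suggestion above could look in the Apache virtual host, as an added example that is not from any poster in this thread. It assumes Grafana is proxied at the site root and that the proxy and OIDC provider directives already exist elsewhere in the vhost; the cookie cap and timeout values are illustrative.

```apache
# Added example; paths follow the reply above (/api/ and /public/).
# ProxyPass and the OIDC provider/client settings are assumed to be
# configured elsewhere in this virtual host.

# Interactive page loads: an unauthenticated browser navigation is
# redirected to the provider (this is what creates one state cookie).
<Location />
    AuthType openid-connect
    Require valid-user
</Location>

# Background requests fired in parallel by the Grafana front end.
# Answering 401 instead of starting a new login means an expired
# session no longer produces one state cookie per parallel request.
<Location /api/>
    AuthType openid-connect
    Require valid-user
    OIDCUnAuthAction 401
</Location>

<Location /public/>
    AuthType openid-connect
    Require valid-user
    OIDCUnAuthAction 401
</Location>

# Server-level safety net: allow at most 7 outstanding state cookies
# and delete the oldest one when the limit is reached (second
# argument "true"), so the Cookie header cannot grow past the
# request header size limit that produces the 400 Bad Request.
OIDCStateMaxNumberOfCookies 7 true

# Seconds after which an unused state cookie expires (illustrative value).
OIDCStateTimeout 300
```

With this in place the front end receives 401 on its API calls once the session has expired, and the user re-authenticates through a normal page load rather than through many parallel redirects.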

Facing the same issue. Were you able to solve this?