Matthew DeVenny

> Hi, > In 2.x the CSRF mechanism has been reworked. This may due to some settings in the ALB makes it drop some headers/cookies. > > Does the CSRF...

@reasonerjt The ALB is not configured to drop any header fields. And the header is not being set by the UI the majority of the time... However troubleshooting today with...

@reasonerjt harbor is installed with `EXT_ENDPOINT` matching the DNS hostname.. The ingress is configured to use-forwarded-headers. Also this only happens when OIDC is enabled. On the same cluster, I just...

The xsrf key is already set to 32 characters as part of the helm chart update and shortening it has no affect on my issue

However - I did just update to harbor 2.1.0 and this problem now seems to be resolved in this release

I understand the ask... but I am not seeing in the documentation where some claims are only accessible via `/userinfo`. Can you not just add the `groups` scope?

For reference.. If I understand correctly you could get at these with additional scopes added to the scope query parameter https://developer.okta.com/docs/reference/api/oidc/#scope-dependent-claims-not-always-returned