-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF verification failed for docker after update to seafile 11.0.0 #2707
Comments
same for me |
Try adding your Domain to the corresponding Django setting inside CSRF_TRUSTED_ORIGINS = ["https://seafile.example.com"] |
Thank you yrd, that helped. |
Thank, all, for posting this resolution. (this needs to be made more aware; I have been jacking around with this for 3 hours now... LOL) |
Thank you so much for this, made my Seafile instance work again!
|
The cause of this issue arises from the This will probably be a common issue when upgrading and should therefore be addressed in the docs. |
My service URL has been set as “HTTPS://xxxxxx.com” the entire time in admin settings… |
Another cause could be your reverse proxy not setting the headers correctly, see this answer on StackOverflow https://stackoverflow.com/a/71482883 For nginx this would be:
The need for |
Since I am using SeaFile in a container in Unraid it appears Nginx runs with container?; could your proxy_set_header directive need overridden here: |
Thanks, that helped after the upgrade from v10 to v11
|
It's likely Unraid is setup much the same way my podman managed seafile is, with the host nginx managing the https connection using a wildcard SSL cert and proxying to nginx/seafile inside the container using http. This change of forwarded protocol won't work, you'd need to adjust proxy_pass to https and more importantly set up seafile in the container to communicate with the reverse proxy over https. Setting CSRF_TRUSTED_ORIGINS is the way to go. |
Yes, I have SeaFile in Unraid too and this was fix; to edit Nginx in container: |
Unfortunatelly this does not help when trying/playing with server on localhost. Any other idea how to fix it?
|
There are two potential problems/solutions here.
Compared to django 3.2, django 4.* has introduced a new check for the origin http header in CSRF verification (Django 4.0 release notes | Django documentation | Django). It now compares the values of the origin http header and the request host (https://github.com/django/django/blob/stable/4.2.x/django/middleware/csrf.py#L287). If they are different, an error is triggered. In your case, you modified the port mapping, causing the origin http header to be http{s}://{ip_or_domain}:20080 and the request host remains {ip_or_domain} without the custom port. This mismatch results in a CSRF error. For Nginx, you can change your nginx config to the following to fix this problem:
|
Tip for others who repeat my mistake, make sure you don't have a trailing slash in the URL. |
CSRF_TRUSTED_ORIGINS = ["http://localhost:3000"] Also make sure you're accessing Seafile using http://localhost:3000 instead of http://127.0.0.1:3000 (or similar) so the browser correctly sets the |
same problem... and adding my seafile url in CSRF_TRUSTED_ORIGINS resolve the issue. But it is not the best solution. |
Exactly! Would it be possible to remove the trailing slash when the Example of Docker bootstrapping which adds the trailing slash: |
Thanks for reporting the trailing slash problem. It has been fixed in haiwen/seafile-docker#383 and haiwen/seahub#5997 |
@freeplant Could you modify the /opt/seafile/seafile-server-latest/setup-seafile.sh to add CSRF_TRUSTED_ORIGINS also in seahub_setting.py ? |
Hello,
I have deployed Seafile using docker compose. After updating from 10.0.1 to 11.0.0 I cannot login anymore. I get a "403 - CSRF verification failed".
This is my Apache Virtualhost file
There is also a non-SSL variant of that file too with (almost) equal content.
This here is the docker compose file:
Is there something I can do to solve this issue?
Thank you in advance!
The text was updated successfully, but these errors were encountered: