diff --git a/CHANGELOG.md b/CHANGELOG.md index 01d1014746c9..600c9676b2e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,43 +4,39 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [1.0.0] - Unreleased +## [1.0.0] - 2020-05-29 ### Added -- cvat-ui: added cookie policy drawer for login page () -- Added `datumaro_project` export format (https://github.com/opencv/cvat/pull/1352) -- Ability to configure user agreements for the user registration form (https://github.com/opencv/cvat/pull/1464) -- Added cuboid interpolation and cuboid drawing from rectangles () -- Ability to configure custom pageViewHit, which can be useful for web analytics integration (https://github.com/opencv/cvat/pull/1566) -- Ability to configure access to the analytics page based on roles (https://github.com/opencv/cvat/pull/1592) +- cvat-ui: cookie policy drawer for login page () +- `datumaro_project` export format () +- Ability to configure user agreements for the user registration form () +- Cuboid interpolation and cuboid drawing from rectangles () +- Ability to configure custom pageViewHit, which can be useful for web analytics integration () +- Ability to configure access to the analytics page based on roles () ### Changed -- Downloaded file name in annotations export became more informative (https://github.com/opencv/cvat/pull/1352) -- Added auto trimming for trailing whitespaces style enforcement (https://github.com/opencv/cvat/pull/1352) -- REST API: updated `GET /task//annotations`: parameters are `format`, `filename` (now optional), `action` (optional) (https://github.com/opencv/cvat/pull/1352) -- REST API: removed `dataset/formats`, changed format of `annotation/formats` (https://github.com/opencv/cvat/pull/1352) -- Exported annotations are stored for N hours instead of indefinitely (https://github.com/opencv/cvat/pull/1352) -- Formats: CVAT format now accepts ZIP and XML (https://github.com/opencv/cvat/pull/1352) -- Formats: COCO format now accepts ZIP and JSON (https://github.com/opencv/cvat/pull/1352) -- Formats: most of formats renamed, no extension in title (https://github.com/opencv/cvat/pull/1352) -- Formats: definitions are changed, are not stored in DB anymore (https://github.com/opencv/cvat/pull/1352) -- cvat-core: session.annotations.put() now returns identificators of added objects (https://github.com/opencv/cvat/pull/1493) -- Images without annotations now also included in dataset/annotations export (https://github.com/opencv/cvat/issues/525) -- Update https install manual. Makes it easier and more robust. Includes automatic renewing of lets encrypt certificates. - -### Deprecated -- +- Downloaded file name in annotations export became more informative () +- Added auto trimming for trailing whitespaces style enforcement () +- REST API: updated `GET /task//annotations`: parameters are `format`, `filename` (now optional), `action` (optional) () +- REST API: removed `dataset/formats`, changed format of `annotation/formats` () +- Exported annotations are stored for N hours instead of indefinitely () +- Formats: CVAT format now accepts ZIP and XML () +- Formats: COCO format now accepts ZIP and JSON () +- Formats: most of formats renamed, no extension in title () +- Formats: definitions are changed, are not stored in DB anymore () +- cvat-core: session.annotations.put() now returns ids of added objects () +- Images without annotations now also included in dataset/annotations export () ### Removed -- `annotation` application is replaced with `dataset_manager` (https://github.com/opencv/cvat/pull/1352) -- `_DATUMARO_INIT_LOGLEVEL` env. variable is removed in favor of regular `--loglevel` cli parameter (https://github.com/opencv/cvat/pull/1583) +- `annotation` application is replaced with `dataset_manager` () +- `_DATUMARO_INIT_LOGLEVEL` env. variable is removed in favor of regular `--loglevel` cli parameter () ### Fixed -- Categories for empty projects with no sources are taken from own dataset (https://github.com/opencv/cvat/pull/1352) -- Added directory removal on error during `extract` command (https://github.com/opencv/cvat/pull/1352) -- Added debug error message on incorrect XPath (https://github.com/opencv/cvat/pull/1352) -- Exporting frame stepped task (https://github.com/opencv/cvat/issues/1294, https://github.com/opencv/cvat/issues/1334) -- Fixed broken command line interface for `cvat` export format in Datumaro (https://github.com/opencv/cvat/issues/1494) -- Updated Rest API document, Swagger document serving instruction issue (https://github.com/opencv/cvat/issues/1495) +- Categories for empty projects with no sources are taken from own dataset () +- Added directory removal on error during `extract` command () +- Added debug error message on incorrect XPath () +- Exporting frame stepped task () +- Fixed broken command line interface for `cvat` export format in Datumaro () +- Updated Rest API document, Swagger document serving instruction issue () - Fixed cuboid occluded view () - Non-informative lock icon () - Sidebar in AAM has no hide/show button () @@ -60,9 +56,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Fixed an issue with `z_order` having no effect on segmentations () - Permission group whitelist check for analytics view () -### Security -- - ## [1.0.0-beta.2] - 2020-04-30 ### Added - Re-Identification algorithm to merging bounding boxes automatically to the new UI () diff --git a/cvat-core/src/annotations-collection.js b/cvat-core/src/annotations-collection.js index 8616b88781b2..654e89c5b248 100644 --- a/cvat-core/src/annotations-collection.js +++ b/cvat-core/src/annotations-collection.js @@ -96,6 +96,9 @@ case 'cuboid': trackModel = new CuboidTrack(trackData, clientID, color, injection); break; + case 'cuboid': + trackModel = new CuboidTrack(trackData, clientID, color, injection); + break; default: throw new DataError( `An unexpected type of track "${type}"`, diff --git a/cvat-core/src/server-proxy.js b/cvat-core/src/server-proxy.js index 93fba2569e83..f6db560a9a3a 100644 --- a/cvat-core/src/server-proxy.js +++ b/cvat-core/src/server-proxy.js @@ -752,6 +752,13 @@ }), writable: false, }, + + logs: { + value: Object.freeze({ + save: saveLogs, + }), + writable: false, + }, })); } } diff --git a/cvat/__init__.py b/cvat/__init__.py index 6409842f25f8..61cafddfe3db 100644 --- a/cvat/__init__.py +++ b/cvat/__init__.py @@ -4,6 +4,6 @@ from cvat.utils.version import get_version -VERSION = (1, 0, 0, 'rc', 0) +VERSION = (1, 0, 0, 'final', 0) __version__ = get_version(VERSION) diff --git a/cvat/apps/documentation/installation.md b/cvat/apps/documentation/installation.md index 0aa5227242b4..158a987b8926 100644 --- a/cvat/apps/documentation/installation.md +++ b/cvat/apps/documentation/installation.md @@ -311,55 +311,47 @@ contains a text (url for example) which is shown in the client-share browser. ### Serving over HTTPS We will add [letsencrypt.org](https://letsencrypt.org/) issued certificate to secure -our server connection. +our server connection. #### Prerequisites -We assume that +We assume that -- you have sudo access on your server machine, +- you have sudo access on your server machine, - you have an IP address to use for remote access, and - that the local CVAT installation works on your server. - + If this is not the case, please complete the steps in the installation manual first. #### Roadmap We will go through the following sequence of steps to get CVAT over HTTPS: -- Setup containers on default 80/tcp port. Checkin and then down the containers. -- Configure Nginx to pass one of the [ACME challenges](https://letsencrypt.org/docs/challenge-types/) - webroot. +- Move Docker Compose CVAT access port to 80/tcp. +- Configure Nginx to pass one of the [ACME challenges](https://letsencrypt.org/docs/challenge-types/). - Create the certificate files using [acme.sh](https://github.com/acmesh-official/acme.sh). - Reconfigure Nginx to serve over HTTPS and map CVAT to Docker Compose port 443. #### Step-by-step instructions -##### 1. Make the proxy listen on standard port 80 and prepare nginx for the ACME challenge via webroot method - -> The configuration assumes that on the docker host there will be only one instance of the CVAT site listens for incoming connections on 80 and 443 port. Also redirecting everything that does not concern renewal of certificates to the site via secure HTTPS protocol. - -Let's assume the server will be at `my-cvat-server.org`. - -Point you shell in cvat repository directory, usually `cd $HOME/cvat`: - -Add the following into your `docker-compose.override.yml`, replacing `my-cvat-server.org` with your own IP address. This file lives in the same directory as `docker-compose.yml`. - -Create enough directories for letsencrypt webroot operation and acme folder passthrougth. +##### 1. Move the CVAT access port - and restart containers with a new configuration updated in `docker-compose.override.yml` +Let's assume the server will be at `my-cvat-server.org`. ```bash -# on the docker host +# on the server +docker-compose down -# this will create ~/.acme.sh directory -curl https://get.acme.sh | sh +# add docker-compose.override.yml as per instructions below -# create a subdirs for acme-challenge webroot manually -mkdir -p $HOME/cvat/letsencrypt-webroot/.well-known/acme-challenge +docker-compose up -d ``` +Add the following into your `docker-compose.override.yml`, replacing `my-cvat-server.org` with your own IP address. +This file lives in the same directory as `docker-compose.yml`. + ```yaml -# docker-compose.override.yml +# docker-compose.override.yml version: "2.3" services: @@ -367,106 +359,177 @@ services: environment: CVAT_HOST: my-cvat-server.org ports: - - "80:80" - - "443:443" - volumes: - - ./letsencrypt-webroot:/var/tmp/letsencrypt-webroot - - /root/.acme.sh:/root/.acme.sh - + - "80:80" + cvat: environment: ALLOWED_HOSTS: '*' ``` -This will enable serving `http://my-cvat-server.org/.well-known/acme-challenge/` -route from `/var/tmp/letsencrypt-webroot` directory on the container's filesystem which is bind mounted from docker host `$HOME/cvat/letsencrypt-webroot`. That volume needed for issue and renewing certificates only. - -Update a CVAT site proxy template `$HOME/cvat/cvat_proxy/conf.d/cvat.conf.template` on docker(system) host. Site config updates from this template each time `cvat_proxy` container start. +You should now see an unsecured version of CVAT at `http://my-cvat-server.org`. -Add a location to server with `server_name ${CVAT_HOST};` ahead others: +##### 2. Configure Nginx for the ACME challenge -``` - location ^~ /.well-known/acme-challenge/ { - default_type "text/plain"; - root /var/tmp/letsencrypt-webroot; - } -``` +Temporarily, enable serving `http://my-cvat-server.org/.well-known/acme-challenge/` +route from `/letsencrypt` directory on the server's filesystem. You can use the [Nginx quickstart guide](http://nginx.org/en/docs/beginners_guide.html) for reference. - ```bash -# on the docker host -docker-compose down -docker-compose up -d -``` +# cvat_proxy/conf.d/cvat.conf.template -Your server should still be visible (and unsecured) at `http://my-cvat-server.org` -but you won't see any behavior changes. +server { + listen 80; + server_name _ default; + return 404; +} -At this point your deployment is up and running, ready for run acme-challenge. +server { + listen 80; + server_name ${CVAT_HOST}; -##### 2. Setting up HTTPS with `acme.sh` helper + # add this temporarily, to pass an acme challenge + location ^~ /.well-known/acme-challenge/ { + allow all; + root /letsencrypt; + } -There are multiple approaches. First one is to use helper on docker host. + location ~* /api/.*|git/.*|tensorflow/.*|auto_annotation/.*|analytics/.*|static/.*|admin|admin/.*|documentation/.*|dextr/.*|reid/.* { + proxy_pass http://cvat:8080; + proxy_pass_header X-CSRFToken; + proxy_set_header Host $http_host; + proxy_pass_header Set-Cookie; + } -In a our approach -* it is easier to setup automatic certificate updates and (than it can be done in the container). -* leave certificates in safe place on docker host (protect from `docker-compose down` cleanup) -* no unnecessary certificate files copying between container and host. + location / { + # workaround for match location by arguments + error_page 418 = @annotation_ui; -###### Create certificate files using an ACME challenge on docker host + if ( $query_string ~ "^id=\d+.*" ) { return 418; } -**Prepare certificates.** + proxy_pass http://cvat_ui; + proxy_pass_header X-CSRFToken; + proxy_set_header Host $http_host; + proxy_pass_header Set-Cookie; + } -Point you shell in cvat repository directory, usually `cd $HOME/cvat` on docker host. + # old annotation ui, will be removed in the future. + location @annotation_ui { + proxy_pass http://cvat:8080; + proxy_pass_header X-CSRFToken; + proxy_set_header Host $http_host; + proxy_pass_header Set-Cookie; + } +} +``` -> Certificate issue and updates should be on docker host in this approach. +Now create the `/letsencrypt` directory and mount it into `cvat_proxy` container. +Edit your `docker-compose.override.yml` to look like the following: + +```yaml +# docker-compose.override.yml +version: "2.3" -Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible. They recommend utilize their staging environment instead of the production API during testing. So first try to get a test certificate. +services: + cvat_proxy: + environment: + CVAT_HOST: my-cvat-server.org + ports: + - "80:80" + volumes: + - ./letsencrypt:/letsencrypt -``` -~/.acme.sh/acme.sh --issue --staging -d my-cvat-server.org -w $HOME/cvat/letsencrypt-webroot --debug + cvat: + environment: + ALLOWED_HOSTS: '*' ``` -> Debug note: nginx server logs for cvat_proxy are not saved in container. You shall see it at docker host by with: `docker logs cvat_proxy`. +Finally, create the directory and restart CVAT. -If certificates is issued a successful we should test a renew: +```bash +# in the same directory where docker-compose.override.yml lives +mkdir -p letsencrypt/.well-known/acme-challenge +docker-compose down +docker-compose up -d ``` -~/.acme.sh/acme.sh --renew --force --staging -d my-cvat-server.org -w $HOME/cvat/letsencrypt-webroot --debug -``` -If success: -* remove test certificate -* issue a production certificate -* create a cron job for user (`crontab -e`). +Your server should still be visible (and unsecured) at `http://my-cvat-server.org` +but you won't see any behavior changes. -``` -~/.acme.sh/acme.sh --remove -d my-cvat-server.org --debug -rm -r /root/.acme.sh/my-cvat-server.org +##### 3. Create certificate files using an ACME challenge -~/.acme.sh/acme.sh --issue -d my-cvat-server.org -w $HOME/cvat/letsencrypt-webroot --debug +At this point your deployment is running. -~/.acme.sh/acme.sh --install-cronjob +```bash +admin@tempVM:~/cvat$ docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +0a35cd127968 nginx:stable-alpine "/bin/sh -c 'envsubs…" About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 0.0.0.0:8080->80/tcp cvat_proxy +b85497c44836 cvat_cvat_ui "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp cvat_ui +d25a00475849 cvat "/usr/bin/supervisord" About a minute ago Up About a minute 8080/tcp, 8443/tcp cvat +6353a43f55c3 redis:4.0-alpine "docker-entrypoint.s…" About a minute ago Up About a minute 6379/tcp cvat_redis +52009636caa8 postgres:10-alpine "docker-entrypoint.s…" About a minute ago Up About a minute 5432/tcp cvat_db ``` -Down the cvat_proxy container for setup https with issued certificates. +We will attach `cvat_proxy` container to run `acme.sh` scripts. ```bash -docker stop cvat_proxy +admin@tempVM:~/cvat$ docker exec -ti cvat_proxy /bin/sh + +# install some missing software inside cvat_proxy +/ # apk add openssl curl +/ # curl https://get.acme.sh | sh +/ # ~/.acme.sh/acme.sh -h +[... many lines ...] + +/ # ~/.acme.sh/acme.sh --issue -d my-cvat-server.org -w /letsencrypt +[Fri Apr 3 20:49:05 UTC 2020] Create account key ok. +[Fri Apr 3 20:49:05 UTC 2020] Registering account +[Fri Apr 3 20:49:06 UTC 2020] Registered +[Fri Apr 3 20:49:06 UTC 2020] ACCOUNT_THUMBPRINT='tril8-LdJgM8xg6mnN1pMa7vIMdFizVCE0NImNmyZY4' +[Fri Apr 3 20:49:06 UTC 2020] Creating domain key +[ ... many more lines ...] +[Fri Apr 3 20:49:10 UTC 2020] Your cert is in /root/.acme.sh/my-cvat-server.org/my-cvat-server.org.cer +[Fri Apr 3 20:49:10 UTC 2020] Your cert key is in /root/.acme.sh/my-cvat-server.org/my-cvat-server.org.key +[Fri Apr 3 20:49:10 UTC 2020] The intermediate CA cert is in /root/.acme.sh/my-cvat-server.org/ca.cer +[Fri Apr 3 20:49:10 UTC 2020] And the full chain certs is there: /root/.acme.sh/my-cvat-server.org/fullchain.cer + +/ # cp ~/.acme.sh/my-cvat-server.org/my-cvat-server.org.cer /letsencrypt/certificate.cer +/ # cp ~/.acme.sh/my-cvat-server.org/my-cvat-server.org.key /letsencrypt/certificate.key +/ # cp ~/.acme.sh/my-cvat-server.org/ca.cer /letsencrypt/ca.cer +/ # cp ~/.acme.sh/my-cvat-server.org/fullchain.cer /letsencrypt/fullchain.cer +/ # exit +admin@tempVM:~/cvat$ ls letsencrypt/ +ca.cer certificate.cer certificate.key fullchain.cer +admin@tempVM:~/cvat$ mkdir cert +admin@tempVM:~/cvat$ mv letsencrypt/* ./cert ``` -**Reconfigure nginx for use certificates.** +##### 4. Reconfigure Nginx for HTTPS access -Bring the configuration file `$HOME/cvat/cvat_proxy/conf.d/cvat.conf.template` to the following form: +Update Docker Compose configuration to mount the certificate directory. -* add location with redirect `return 301` to 80/tcp server. -* change listen to `listen 443 ssl;` in main configururation server -* add ssl certificates options and secure them. +```yml +# docker-compose.override.yml +version: "2.3" -Example of configuration file: +services: + cvat_proxy: + environment: + CVAT_HOST: my-cvat-server.org + ports: + - "443:443" + volumes: + - ./letsencrypt:/letsencrypt + - ./cert:/cert:ro # this is new + cvat: + environment: + ALLOWED_HOSTS: '*' ``` + +Also, reconfigure Nginx to use `443/tcp` and point it to the new keys. + +```bash server { listen 80; server_name _ default; @@ -474,47 +537,16 @@ server { } server { - listen 80; - server_name ${CVAT_HOST}; - - location ^~ /.well-known/acme-challenge/ { - default_type "text/plain"; - root /var/tmp/letsencrypt; - } - - location / { - return 301 https://$server_name$request_uri; - } -} - -server { - listen 443 ssl; - ssl_certificate /root/.acme.sh/my-cvat-server.org/my-cvat-server.org.cer; - ssl_certificate_key /root/.acme.sh/my-cvat-server.org/my-cvat-server.org.key; - ssl_trusted_certificate /root/.acme.sh/my-cvat-server.org/fullchain.cer; - - # security options - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_stapling on; - ssl_session_timeout 24h; - ssl_session_cache shared:SSL:2m; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES'; - - # security headers - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-referrer-when-downgrade" always; - add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - + listen 443 ssl; server_name ${CVAT_HOST}; proxy_pass_header X-CSRFToken; proxy_set_header Host $http_host; proxy_pass_header Set-Cookie; + ssl_certificate /cert/certificate.cer; + ssl_certificate_key /cert/certificate.key; + location ~* /api/.*|git/.*|tensorflow/.*|auto_annotation/.*|analytics/.*|static/.*|admin|admin/.*|documentation/.*|dextr/.*|reid/.* { proxy_pass http://cvat:8080; } @@ -538,8 +570,35 @@ server { } ``` -Start cvat_proxy container with https enabled. +Finally, restart your service. +```bash +admin@tempVM:~/cvat$ docker-compose down +Stopping cvat_proxy ... done +Stopping cvat_ui ... done +Stopping cvat ... done +Stopping cvat_db ... done +Stopping cvat_redis ... done +Removing cvat_proxy ... done +Removing cvat_ui ... done +Removing cvat ... done +Removing cvat_db ... done +Removing cvat_redis ... done +Removing network cvat_default +admin@tempVM:~/cvat$ docker-compose up -d +Creating network "cvat_default" with the default driver +Creating cvat_db ... done +Creating cvat_redis ... done +Creating cvat ... done +Creating cvat_ui ... done +Creating cvat_proxy ... done +admin@tempVM:~/cvat$ docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +71464aeac87c nginx:stable-alpine "/bin/sh -c 'envsubs…" About a minute ago Up About a minute 0.0.0.0:443->443/tcp, 0.0.0.0:8080->80/tcp cvat_proxy +8428cfbb766e cvat_cvat_ui "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp cvat_ui +b5a2f78689da cvat "/usr/bin/supervisord" About a minute ago Up About a minute 8080/tcp, 8443/tcp cvat +ef4a1f47440f redis:4.0-alpine "docker-entrypoint.s…" About a minute ago Up About a minute 6379/tcp cvat_redis +7803bf828d9f postgres:10-alpine "docker-entrypoint.s…" About a minute ago Up About a minute 5432/tcp cvat_db ``` -docker start cvat_proxy -``` \ No newline at end of file + +Now you can go to `https://my-cvat-server.org/` and verify that you are using an encrypted connection. diff --git a/cvat/apps/documentation/user_guide.md b/cvat/apps/documentation/user_guide.md index 3863aeefc74f..0a01c1d0df86 100644 --- a/cvat/apps/documentation/user_guide.md +++ b/cvat/apps/documentation/user_guide.md @@ -17,18 +17,10 @@ - [Workspace](#workspace) - [Settings](#settings) - [Top Panel](#top-panel) - - [Menu button](#menu-button) - - [Save Work](#save-work) - - [Undo-redo buttons](#undo-redo-buttons) - - [Player](#player) - - [Fullscreen Player](#fullscreen-player) - - [Info](#info) - - [UI switcher](#ui-switcher) - [Controls sidebar](#controls-sidebar) - [Objects sidebar](#objects-sidebar) - [Objects](#objects) - [Labels](#labels) - - [Appearance](#appearance) - [Shape mode (advanced)](#shape-mode-advanced) - [Track mode (advanced)](#track-mode-advanced) - [Attribute annotation mode (advanced)](#attribute-annotation-mode-advanced) @@ -39,10 +31,7 @@ - [Points in shape mode](#points-in-shape-mode) - [Linear interpolation with one point](#linear-interpolation-with-one-point) - [Annotation with cuboids](#annotation-with-cuboids) - - [Creating the cuboid](#creating-the-cuboid) - - [Editing the cuboid](#editing-the-cuboid) - - [Annotation with Auto Segmentation](#annotation-with-auto-segmentation) - - [Annotation with Tags](#annotation-with-tags) + - [Annotation with tags](#annotation-with-tags) - [Automatic annotation](#automatic-annotation) - [Shape grouping](#shape-grouping) - [Filter](#filter) diff --git a/cvat_proxy/conf.d/cvat.conf.template b/cvat_proxy/conf.d/cvat.conf.template index b5d9c760cbe2..fd2d336787a6 100644 --- a/cvat_proxy/conf.d/cvat.conf.template +++ b/cvat_proxy/conf.d/cvat.conf.template @@ -11,6 +11,10 @@ server { proxy_set_header Host $http_host; proxy_pass_header Set-Cookie; + proxy_pass_header X-CSRFToken; + proxy_set_header Host $http_host; + proxy_pass_header Set-Cookie; + location ~* /api/.*|git/.*|tensorflow/.*|auto_annotation/.*|analytics/.*|static/.*|admin|admin/.*|documentation/.*|dextr/.*|reid/.* { proxy_pass http://cvat:8080; }