Forbidden (403) CSRF verification failed. Request aborted. (Deploying Defect Dojo using Helm Chart In AKS Cluster) #9964
Comments
Hi @vivekkontham. At first, for
DD_CSRF_COOKIE_HTTPONLY: "true"
DD_CSRF_COOKIE_SECURE: "true"
I see that the page is "Not secure". So the secure cookie will not be sent to your page (if it is on HTTP and not on HTTPS).
Hi @kiblik, I would like to thank you for the quick response. I have also tried adding the DD_ prefix to both variables, but we are still facing the same issue while accessing the application. Yes, the page is Not secure, as we haven't attached any certificate for a secure connection as of now.
A not-secure connection might not be compatible with a secure cookie. So until you enable HTTPS, set
Hi @kiblik, I have tried changing it, but after the change we are not able to log in. I made one more change, setting the variable below to false, and it started working. But now we are facing another issue where the pod keeps getting restarted; below is the error we found in the logs.
Nginx is not able to contact uwsgi, but from your logs it is not possible to identify why.
Kubernetes Cluster: Azure K8s (AKS)
K8s Version: v1.28.5
Defect Dojo is running in an AKS cluster, installed via Helm charts
Database used: PostgreSQL
Modifications: Changed service type from ClusterIP to LoadBalancer; added a few environment variables in the defectdojo ConfigMap
CSRF_COOKIE_HTTPONLY: "true"
CSRF_COOKIE_SECURE: "true"
DD_ALLOWED_HOSTS: '*'
Steps followed to install the defect dojo using helm chart
Forbidden (403) CSRF verification failed. Request aborted. while logging in to the application.
Tried adding DD_CSRF_TRUSTED_ORIGINS: '*' in the ConfigMap, but we are still facing the same issue. In the logs we are able to see the following warning: 'WARNING [django.security.csrf:241] Forbidden (CSRF cookie not set.): /login'
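The exchange above boils down to one browser rule: a cookie carrying the Secure attribute is never attached to a request over plain http, so when Django is configured with CSRF_COOKIE_SECURE (DD_CSRF_COOKIE_SECURE in DefectDojo's settings) and the site is reached via an http LoadBalancer address, the csrftoken cookie set by GET /login never comes back on the POST, and Django's CSRF middleware logs exactly "CSRF cookie not set." That reason is about a missing cookie, not an origin mismatch, which is why CSRF_TRUSTED_ORIGINS does not change the result. Django's session cookie follows the same rule under SESSION_COOKIE_SECURE. The script below is an added example, not code from the issue or from DefectDojo; it reproduces the behaviour offline with Python's stdlib cookie jar, which enforces the Secure rule the same way a browser does when deciding which cookies to send. The hostname and token value are constructed placeholders, and the Set-Cookie header is shaped like Django's csrftoken cookie by assumption. Modern browsers go one step further and refuse to store a Secure cookie received over http at all; the outcome for the login POST is the same either way.

```python
"""
Added example (not DefectDojo code): show why CSRF_COOKIE_SECURE=True plus a
plain-http site yields "Forbidden (CSRF cookie not set.): /login".

http.cookiejar applies the browser rule for the Secure attribute: a Secure
cookie is never attached to a request whose scheme is not https/wss.
"""
import email.message
import http.cookiejar
import urllib.request

HOST = "defectdojo.example.invalid"  # assumption: placeholder hostname


class _FakeResponse:
    """Minimal stand-in for an HTTP response; CookieJar only needs .info()."""

    def __init__(self, set_cookie_headers):
        self._msg = email.message.Message()
        for value in set_cookie_headers:
            self._msg.add_header("Set-Cookie", value)

    def info(self):
        return self._msg


def django_csrf_set_cookie(secure: bool, httponly: bool = True) -> str:
    """Build a Set-Cookie value shaped like Django's csrftoken cookie.

    The token is a constructed dummy; Django's real token is random.
    """
    attrs = ["csrftoken=dummy0123456789", "Max-Age=31449600", "Path=/", "SameSite=Lax"]
    if secure:
        attrs.append("Secure")  # what CSRF_COOKIE_SECURE=True adds
    if httponly:
        attrs.append("HttpOnly")  # what CSRF_COOKIE_HTTPONLY=True adds
    return "; ".join(attrs)


def csrf_cookie_sent_on_login(scheme: str, cookie_secure: bool) -> bool:
    """Simulate GET /login (server sets cookie) then POST /login (form submit).

    Returns True if the csrftoken cookie would accompany the POST, i.e. whether
    Django's CSRF middleware would find it. False reproduces the issue's warning.
    """
    jar = http.cookiejar.CookieJar()
    get_req = urllib.request.Request(f"{scheme}://{HOST}/login")
    # The browser receives the login page and stores the cookie it was sent.
    jar.extract_cookies(_FakeResponse([django_csrf_set_cookie(cookie_secure)]), get_req)
    # The browser submits the form; the jar decides which cookies to attach.
    post_req = urllib.request.Request(
        f"{scheme}://{HOST}/login", data=b"username=x&password=y", method="POST"
    )
    jar.add_cookie_header(post_req)
    return "csrftoken=" in post_req.get_header("Cookie", "")


if __name__ == "__main__":
    for scheme in ("http", "https"):
        for secure in (False, True):
            sent = csrf_cookie_sent_on_login(scheme, secure)
            print(f"{scheme:5} CSRF_COOKIE_SECURE={secure!s:5} -> csrftoken sent on POST: {sent}")
```

Only the http + Secure combination loses the cookie, which matches the advice in the thread: either terminate TLS in front of DefectDojo (an ingress with a certificate, so the site is actually https) or, as a temporary measure, set DD_CSRF_COOKIE_SECURE to "false" until HTTPS is in place. Note that the DD_ prefix is required for DefectDojo to pick the value up; a bare CSRF_COOKIE_SECURE entry in the ConfigMap is ignored.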