You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I've deployed my own Ourchive instance following the steps described here, including setting up SSL using certbot and an nginx reverse proxy. POST requests to the site (e.g. creating a new user or new work) were not successful. In the logs was this error (url replaced with http://example.org):
api.custom_exception_handler WARNING 2024-04-19 17:23:13,764 custom_exception_handler 14661 139981757988928 CSRF Failed: Origin checking failed - http://example.org does not match any trusted origins.
The cause seems to be that my site url was not in the CSRF_TRUSTED_ORIGINS constant. After I edited ourchive/ourchive_app/ourchive_app/settings.py like so, the issue was solved.
So weirdly we "shouldn't" need this in the sense that our own production setup does not need this. I strongly suspect the issue is Nginx config related. One of our 1.0 requirements is people not touching nginx config at all (or touching it less than they do now, relative to Ourchive settings), so I'm going to be tagging this one for 1.0 review. In the meantime, I've added this use case to our troubleshooting in the admin docs.
Describe the bug
I've deployed my own Ourchive instance following the steps described here, including setting up SSL using certbot and an nginx reverse proxy. POST requests to the site (e.g. creating a new user or new work) were not successful. In the logs was this error (url replaced with http://example.org):
The cause seems to be that my site url was not in the
CSRF_TRUSTED_ORIGINS
constant. After I editedourchive/ourchive_app/ourchive_app/settings.py
like so, the issue was solved.To Reproduce
Expected behavior
Creating a new user, new work, etc. should succeed.
Hosting
Digital Ocean droplet running Ubuntu 22.04.
The text was updated successfully, but these errors were encountered: