You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I upgraded an existing Weblate installation from 4.8.1-2 to 4.13.1-2. Its installed with Docker, and before upgrading everything worked fine. I didnt change anything about the configuration, and the problem happens in different browsers.
System check identified some issues:
WARNINGS:
?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
INFOS:
?: (weblate.I021) Error collection is not set up, it is highly recommended for production use
HINT: https://docs.weblate.org/en/weblate-4.13.1/admin/install.html#collecting-errors
?: (weblate.I028) Backups are not configured, it is highly recommended for production use
HINT: https://docs.weblate.org/en/weblate-4.13.1/admin/backup.html
System check identified 5 issues (1 silenced).
Additional context
Security warnings seem unrelated to the problem. I also tried downgrading to an older version, but unfortunately that fails due to database migrations, and i didnt make a backup before upgrading.
The text was updated successfully, but these errors were encountered:
Nutomic
changed the title
CSRF error on login after upgrading to 4.13
CSRF errors after upgrading to 4.13
Aug 3, 2022
Based on comments there, i set CSRF_TRUSTED_ORIGINS = ["https://weblate.yerbamate.ml"] in settings-override.py and it fixed the problem. Still keeping the issue open, as this seems like a regression, and the settings override was not necessary in previous versions.
Describe the issue
I upgraded an existing Weblate installation from 4.8.1-2 to 4.13.1-2. Its installed with Docker, and before upgrading everything worked fine. I didnt change anything about the configuration, and the problem happens in different browsers.
I already tried
Steps to reproduce the behavior
The same problem happens also for register, login and probably other forms.
Expected behavior
No response
Screenshots
No response
Exception traceback
No response
How do you run Weblate?
Docker container
Weblate versions
Weblate deploy checks
Additional context
Security warnings seem unrelated to the problem. I also tried downgrading to an older version, but unfortunately that fails due to database migrations, and i didnt make a backup before upgrading.
The text was updated successfully, but these errors were encountered: