CSRF Error (403) When Adding Entry (v1.10.0) #393
Comments
@five2seven just to be clear — you’re saying that you see this issue in v1.10.0 but not v1.9.3?
Yep, sorry if I wasn’t clear. The error only shows up with the latest tag (1.10.0).
Ok no worries. I can’t reproduce in the demo so I imagine this has to do with being behind a proxy. I don’t think anything related to this was touched intentionally in the release but Django did have a major version upgrade. Maybe I missed some new change there. Will take a look.
This looks like the culprit — https://docs.djangoproject.com/en/4.0/releases/4.0/#csrf-trusted-origins-changes-4-0 Does your configuration support making changes to a configuration file easily? Wondering if we’ll need to add an env var to support this for Docker-based deployments…
Can you try setting the
Looks like that did it! I’ll report back if I see any more errors but so far all functions seem good. Thank you for such a quick resolution and assistance.
Just chiming in, had the same issue. Set environment variable as above to True and working fine now
Same here, Baby Buddy running behind a nginx reverse proxy with TLS enabled. The environment variable seems to fix it.
It seems HA Proxy also needs
I am running this docker behind Unraid SWAG reverse proxy and this resolved my issue too. Set this in my babybuddy unraid container variables and it works now
The same error appears when trying to login from the default Gitpod installation.
Thanks for pointing that out, @Alberdi. That makes this at least a bit easier to try to fiddle around with. For Gitpod specifically after the deploy you can edit

```python
import os

# The workspace URL with the port prefix "8000-" added to the host
CSRF_TRUSTED_ORIGINS = [
    os.environ.get("GITPOD_WORKSPACE_URL").replace("https://", "https://8000-")
]
```
Supports CSRF with Django 4+ (Baby Buddy v1.10.0+). See #393.
I don't think there is going to be any quick/easy fix for all environments with this change... seems we'll need to add some manner of support for setting 26fa988 takes care of Gitpod, at least.
I got the same issue, behind a nginx reverse proxy. docker-cli
Any hints what I am doing wrong?
I can't login. Using Heroku + Cloudflare https://support.cloudflare.com/hc/en-us/articles/205893698-Configure-Cloudflare-and-Heroku-over-HTTPS
@johnnypea thanks for adding that use case -- this actually gives me a good way to test this issue and ensure (sort of) it stays fixed in the future. The demo is now serving HTTPS and has the same breakage 😄
Ok
Closing this out -- but please feel free to continue discussion here as needed!
This did the trick. Just make sure the whole URL is in the env.
Yeah I'll highlight that (whole URL including scheme) in the documentation as well. Will add to #403.
I can also confirm this works. It is not very clear from the documentation if you still need
Maybe you should mention this can be an array as well. You can add all multiple domains.
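An added example, not part of the thread or of Baby Buddy's code: it parses a comma-separated list of origins into the scheme-qualified form Django 4.0 requires, and models why a TLS-terminating proxy produces the 403 until the public origin is trusted. The function names, the comma-separated format and the hostnames are assumptions; `origin_allowed` is a simplified model of Django's Origin comparison, not Django's own code.

```python
from urllib.parse import urlsplit


def parse_trusted_origins(raw):
    """Turn a comma-separated env value into a CSRF_TRUSTED_ORIGINS list."""
    origins = []
    for item in (raw or "").split(","):
        item = item.strip()
        if not item:
            continue
        parts = urlsplit(item)
        # Django 4.0+ requires the scheme; a bare hostname is rejected here.
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError(f"{item!r} must start with http:// or https://")
        if parts.path not in ("", "/") or parts.query or parts.fragment:
            raise ValueError(f"{item!r} must be an origin, not a full URL")
        # An Origin header carries no path, so drop a trailing slash.
        origins.append(f"{parts.scheme}://{parts.netloc}")
    return origins


def origin_allowed(origin_header, request_is_secure, request_host, trusted):
    """Simplified model of the Origin comparison for unsafe methods."""
    # What the app believes its own origin is. Behind a TLS-terminating
    # proxy that forwards plain HTTP, request_is_secure is False.
    own = f"{'https' if request_is_secure else 'http'}://{request_host}"
    if origin_header == own or origin_header in trusted:
        return True
    sent = urlsplit(origin_header)
    for entry in trusted:
        allowed = urlsplit(entry)
        if allowed.netloc.startswith("*.") and allowed.scheme == sent.scheme:
            suffix = allowed.netloc[1:]  # "*.example.com" -> ".example.com"
            if sent.netloc.endswith(suffix) or sent.netloc == suffix[1:]:
                return True
    return False


# Constructed sample values, not taken from the thread.
SAMPLE_ENV = "https://baby.example.com/, https://*.home.example"
TRUSTED = parse_trusted_origins(SAMPLE_ENV)
```

With an empty trusted list and `request_is_secure=False`, the browser's `https://` origin never equals the `http://` origin the app computes for itself, which is the failure reported in this issue.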
I can log feedings using a POST (iOS Shortcut) but I can’t create an entry on the actual BabyBuddy site.
EDIT: Since I know nothing about Django troubleshooting, I just tried pulling 1.9.3 instead and everything is working normally. So Watchtower must have updated my Docker image to the newest and I didn’t realize it. Let me know if there is any more information I can provide to help get the latest image working.