The phpmyadmin app installer is broken in cherokee 1.2.101.
The installer configuration screen sequence fails after the user submits the virtual host for the install. The form attempts to submit a POST to:
This bug happens because the CSRF protection added to CTK appends the GET parameter 'key=123456abc' onto the form submission. Note this changeset.
Meanwhile, the phpmyadmin installer app publishes the following regex to CTK/Server.py (in the phpmyadmin app install dir, target.py:293):
CTK.publish ('^%s$' % (URL_TARGET_APPLY), ...)
Note that the trailing '$' on the regex will mean that the published URL will not match the URL submitted by the form, due to the addition of the 'key' parameter - hence the 404.
The cherokee admin site is written in Python and is separate from the cherokee web server. It is possible to edit the cherokee Python implementation to disable CSRF protection as follows:
/usr/share/cherokee/admin/server.py (approx line 85).
CTK.init (host="localhost", port=int(scgi_port), sec_cookie=True, sec_submit=True)
CTK.init (host="localhost", port=int(scgi_port), sec_cookie=True, sec_submit=False)
Changing sec_submit to False prevents the CSRF 'key' GET parameter from being appended to form submission URLs.
After restarting cherokee-admin it is now possible to install phpmyadmin on cherokee 1.2.101.
People have reported problems with removing unfinished and orphaned apps from the market here:
I was also having this problem with my failed phpmyadmin installs. Once I had disabled CSRF protection using the steps above this problem was resolved.
CSRF protection is a good thing and it should be re-enabled once you have finished installing/removing apps via the market.
It might be worth raising a bug on the Cherokee bug tracker as I'm not sure how active the developers are on here.
It's closed, since patches are in dev/master branch already.
That's what fixed it: cherokee/CTK#2
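The regex mismatch described in the issue, as an added example (not CTK's code and not the patch in cherokee/CTK#2): a standalone model of a dispatcher that matches the anchored pattern against the raw URL, next to one that checks the CSRF key and then matches the path alone, so the key can stay enabled. The value of URL_TARGET_APPLY, SESSION_KEY and both dispatch functions are hypothetical.

```python
import hmac
import re
from urllib.parse import parse_qs, urlsplit

# Constructed values: the page gives neither URL_TARGET_APPLY nor a real key.
URL_TARGET_APPLY = "/market/install/phpmyadmin/apply"
SESSION_KEY = "123456abc"

# Anchored pattern, built the same way as in the installer's publish call.
PUBLISHED = re.compile("^%s$" % URL_TARGET_APPLY)


def dispatch_full_url(url):
    """Match against the raw URL; an appended '?key=...' defeats the '$'."""
    return 200 if PUBLISHED.match(url) else 404


def dispatch_path_only(url, session_key):
    """Verify the CSRF key, then match the pattern against the path only."""
    parts = urlsplit(url)
    supplied = parse_qs(parts.query).get("key", [""])[0]
    # Constant-time comparison; a missing key is treated as a wrong key.
    if not hmac.compare_digest(supplied.encode(), session_key.encode()):
        return 403
    return 200 if PUBLISHED.match(parts.path) else 404


def demo():
    """Return the status each dispatcher gives for constructed requests."""
    keyed = URL_TARGET_APPLY + "?key=" + SESSION_KEY
    forged = URL_TARGET_APPLY + "?key=wrong"
    return {
        "full, no key": dispatch_full_url(URL_TARGET_APPLY),
        "full, keyed": dispatch_full_url(keyed),
        "path-only, keyed": dispatch_path_only(keyed, SESSION_KEY),
        "path-only, forged key": dispatch_path_only(forged, SESSION_KEY),
        "path-only, no key": dispatch_path_only(URL_TARGET_APPLY, SESSION_KEY),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print("%-24s %d" % (case, status))
```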