CSRF verification failed. Request aborted - after update #6321

pktiuk opened this issue Jun 15, 2023 · 3 comments

Comments

@pktiuk
Contributor

pktiuk commented Jun 15, 2023

My actions before raising this issue

After recent updates (v2.4.2->2.4.6) everything worked fine, but recently I found a problem when I interacted with the admin panel (regular annotation and CVAT features worked fine).
I was getting "CSRF verification failed. Request aborted".

Steps to Reproduce (for bugs)

  1. Set hostname: export CVAT_HOST=cvat.example.local
  2. Deploy CVAT with docker and HTTPS
    export CVAT_HOST=annotations.wbe.local
    docker-compose -f ./docker-compose.yml -f ./docker-compose.https.yml up
  3. Open admin panel
  4. Create new user

Instance deployed on my local machine (no CVAT_HOST) worked fine.

Expected Behaviour

Be able to mark user as active/create user etc.

Current Behaviour

Get error.

Possible Solution

This bug was fixable by adding the line CSRF_TRUSTED_ORIGINS = ["https://cvat.example.local"] to the file cvat/settings/base.py.
I will soon prepare a PR with the solution.

Context

Your Environment

  • Git hash commit (git log -1): tag v2.4.6
  • Docker version docker version (e.g. Docker 17.0.05):
  • Are you using Docker Swarm or Kubernetes? No
  • Operating System and version (e.g. Linux, Windows, MacOS): Linux
  • Code example or link to GitHub repo or gist to reproduce problem:
  • Other diagnostic information / logs:

Container logs:

cvat_server   | 2023-06-15 09:17:59,840 DEBG 'uvicorn-1' stderr output:
cvat_server   | [2023-06-15 09:17:59,840] WARNING django.security.csrf: Forbidden (Origin checking failed - https://cvat.example.local does not match any trusted origins.): /admin/auth/user/36/change/
cvat_server   | 
cvat_server   | 2023-06-15 09:17:59,840 DEBG 'uvicorn-1' stderr output:
cvat_server   | WARNING:django.security.csrf:Forbidden (Origin checking failed - https://cvat.example.local does not match any trusted origins.): /admin/auth/user/36/change/
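
Added example, not CVAT's code and not part of the original issue: a sketch of deriving the trusted origin from CVAT_HOST instead of hard-coding it in cvat/settings/base.py, next to a simplified model of the exact-match Origin comparison behind the log line above. The function names, the https-only choice, and the premise that the app server sees the request as plain HTTP behind a TLS-terminating proxy are assumptions.

```python
import os
import re

# Bare host with optional port only: no scheme, path, userinfo or wildcard.
_HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d{1,5})?")


def trusted_origins_from_env(env=os.environ):
    """Return a value for CSRF_TRUSTED_ORIGINS built from CVAT_HOST.

    Django 4.0+ requires a scheme on every entry. Wildcards are refused here
    so that only the one deployed origin is trusted (assumed policy).
    """
    host = env.get("CVAT_HOST", "").strip()
    if not host:
        return []  # no external hostname configured: trust nothing extra
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"CVAT_HOST is not a bare host[:port]: {host!r}")
    return [f"https://{host}"]


def origin_accepted(origin, seen_scheme, seen_host, trusted):
    """Simplified model of the Origin check (exact matches only).

    The Origin header is accepted if it equals the scheme://host the app
    server itself observed, or if it is listed in the trusted origins.
    """
    return origin == f"{seen_scheme}://{seen_host}" or origin in trusted


if __name__ == "__main__":
    # Constructed request matching the log line: the browser sends an https
    # Origin, while the app server is assumed to see plain http from the proxy.
    origin = "https://cvat.example.local"
    env = {"CVAT_HOST": "cvat.example.local"}
    print("no trusted origins:", origin_accepted(origin, "http", "cvat.example.local", []))
    print("derived from env:  ",
          origin_accepted(origin, "http", "cvat.example.local", trusted_origins_from_env(env)))
```

In a Django settings module the result would be assigned as `CSRF_TRUSTED_ORIGINS = trusted_origins_from_env()`.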

@Zanz2

Zanz2 commented Jun 27, 2023

I'm getting the same issue, but when creating tasks and uploading data (CSRF token error).

@pktiuk
Contributor Author

pktiuk commented Jun 27, 2023

@Zanz2 A fix is already submitted in #6322, but it is waiting for approval.
You can just apply my commit and try rebuilding your CVAT to check whether it fixes everything for you.

@pktiuk
Contributor Author

pktiuk commented May 20, 2024

#6322 was closed without merging. This issue won't be fixed for now.
