Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forbidden (403) CSRF verification failed. Request aborted. #43

Closed
nodecentral opened this issue Dec 13, 2022 · 3 comments
Closed

Forbidden (403) CSRF verification failed. Request aborted. #43

nodecentral opened this issue Dec 13, 2022 · 3 comments

Comments

@nodecentral
Copy link

Hi

I’ve managed to get wger up and running via the Docker compose, but when I try to register it returns a 403 error.

D76C73F5-1F61-4FA3-89AB-DD99C051886F
@nodecentral
Copy link
Author

Have enabled debugging, and the above now provides the additional information

Help
Reason given for failure:
    Origin checking failed - http://192.168.102.134:8001 does not match any trusted origins.
    
In general, this can occur when there is a genuine Cross Site Request Forgery, or when [Django’s CSRF mechanism](https://docs.djangoproject.com/en/4.0/ref/csrf/) has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function passes a request to the template’s [render](https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render) method.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.
You’re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.

@nodecentral
Copy link
Author

nodecentral commented Dec 13, 2022
edited
Loading

My nginx.conf is the default one provided, however i know my docker compose (#42 (comment) ) introduces port 8001 if thats of use..

upstream wger {
    server web:8000;
}

server {

    listen 80;

    location / {
        proxy_pass http://wger;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }

    location /static/ {
        alias /wger/static/;
    }

    location /media/ {
        alias /wger/media/;
    }

    # Increase max body size to allow for video uploads
    client_max_body_size 100M;

}

@rolandgeider
Copy link
Member

This is a duplicate of wger-project/wger#1203

Will push the fix as soon as possible

@rolandgeider rolandgeider closed this as not planned Won't fix, can't repro, duplicate, stale Dec 14, 2022
@nodecentral nodecentral mentioned this issue Dec 14, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rolandgeider @nodecentral