How to solve the 403 error when logging in! The following error message is displayed

Question

How to solve the 403 error when logging in! The following error message is displayed

SEC-nux opened this issue 4 months ago · comments

kenneth_nux commented 4 months ago

Forbidden (403)
CSRF verification failed. Request aborted.

More information is available with DEBUG=True.

Moneysac90 · Answer 1 · Tue Apr 02 2024 00:32:49 GMT+0800 (China Standard Time)

@SEC-nux

The file/opt/petereport/app/config/petereport_config.py contains configuration options including the trusted domains for CSRF. If you are hosting this application on an external server (meaning not localhost), this issue will come up.

Add your domain or IP-Adress to the trusted origins csrf_trusted_origins.

For example, if your server is running on IP: 192.168.1.127 you have to add default=[... https://192.168.1.127] to the csrf_trusted_origins.

Moneysac90 · Answer 2 · Tue Apr 02 2024 01:06:51 GMT+0800 (China Standard Time)

@1modm A possible solution would be to dynamically update the csrf_trusted_origins field with the current IP-Adress or/and FQDN.

M · Answer 3 · Mon Apr 08 2024 15:27:38 GMT+0800 (China Standard Time)

@Moneysac90 you can do it yourself creating in your OS host the config file variable assigned to csrf_trusted_origins:

I haven't checked but something similar to this example should works:

PETEREPORT_DJANGO_CSRF_TRUSTED_ORIGINS="https://$(hostname -I | cut -f1 -d' ')"

Thanks