Forbidden (403) CSRF verification failed. Request aborted.
nodecentral opened this issue · comments
Have enabled debugging, and the above now provides the additional information
Help
Reason given for failure:
Origin checking failed - http://192.168.102.134:8001 does not match any trusted origins.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when [Django’s CSRF mechanism](https://docs.djangoproject.com/en/4.0/ref/csrf/) has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function passes a request to the template’s [render](https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render) method.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.
You’re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
My nginx.conf is the default one provided, however i know my docker compose (#42 (comment) ) introduces port 8001 if thats of use..
upstream wger {
server web:8000;
}
server {
listen 80;
location / {
proxy_pass http://wger;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /static/ {
alias /wger/static/;
}
location /media/ {
alias /wger/media/;
}
# Increase max body size to allow for video uploads
client_max_body_size 100M;
}
This is a duplicate of wger-project/wger#1203
Will push the fix as soon as possible