1modm / petereport

PeTeReport is an open-source application vulnerability reporting tool.
https://1modm.github.io/petereport/
BSD 3-Clause "New" or "Revised" License

CSRF verification failed #77

Closed Aledangelo closed 10 months ago

Aledangelo commented 10 months ago

When I log in to PeTeReport using my IP address from the browser, after the login it appears FORBIDDEN with this message: "CSRF Verification Failed". I'm using Firefox and PeTeReport is installed on a Linux virtual machine.

1modm commented 10 months ago

Hi,

If you are not using localhost or 127.0.0.1 you need to add your IP or domain into the csrf_trusted_origins configuration. Check petereport/tree/main/app/config/petereport_config.py and add your IP:

'csrf_trusted_origins': env.list('PETEREPORT_DJANGO_CSRF_TRUSTED_ORIGINS', default=['https://localhost', 'https://127.0.0.1']),
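An added example, not part of the maintainer's reply or of PeTeReport's code: a simplified model of how a trusted-origins list is matched against the browser's `Origin` header, showing why the defaults above reject a login made through an IP address. It assumes the environment variable holds a comma-separated list; the address `192.168.56.10`, the `example.test` domain and both function names are constructed for illustration, and the no-path check is a lint added here.

```python
from urllib.parse import urlsplit

# Defaults shown in the configuration line above.
DEFAULT_TRUSTED = ["https://localhost", "https://127.0.0.1"]


def parse_trusted_origins(raw):
    """Split a comma-separated value (assumed format) and reject entries
    that could never equal an Origin header: no scheme, or a path."""
    origins = []
    for item in (p.strip() for p in raw.split(",")):
        if not item:
            continue
        parts = urlsplit(item)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError(f"{item!r}: must start with http:// or https://")
        if parts.path or parts.query or parts.fragment:
            raise ValueError(f"{item!r}: use scheme://host[:port] only")
        origins.append(item)
    return origins


def origin_trusted(origin, trusted):
    """Model of the list match only: scheme and host[:port] must be equal,
    or a 'scheme://*.domain' entry covers the domain and its subdomains."""
    got = urlsplit(origin)
    for entry in trusted:
        want = urlsplit(entry)
        if got.scheme != want.scheme:
            continue  # an https:// entry never covers an http:// origin
        if want.netloc.startswith("*."):
            suffix = want.netloc[1:]  # e.g. ".example.test"
            if got.netloc.endswith(suffix) or got.netloc == suffix[1:]:
                return True
        elif got.netloc == want.netloc:
            return True
    return False


if __name__ == "__main__":
    raw = "https://localhost, https://127.0.0.1, https://192.168.56.10"
    print(origin_trusted("https://192.168.56.10", DEFAULT_TRUSTED))
    print(origin_trusted("https://192.168.56.10", parse_trusted_origins(raw)))
```

Listing the exact scheme, host and port in use keeps the list narrow; a wildcard entry trusts every subdomain of that domain.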

Aledangelo commented 10 months ago

Thanks, it works