1modm / petereport

PeTeReport is an open-source application vulnerability reporting tool.
https://1modm.github.io/petereport/
BSD 3-Clause "New" or "Revised" License

How to solve the 403 error when logging in! The following error message is displayed #86

Closed SEC-nux closed 5 months ago

SEC-nux commented 6 months ago

How to solve the 403 error when logging in! The following error message is displayed

Forbidden (403) CSRF verification failed. Request aborted.

More information is available with DEBUG=True.

Moneysac90 commented 6 months ago

@SEC-nux

The file /opt/petereport/app/config/petereport_config.py contains configuration options, including the trusted domains for CSRF. If you are hosting this application on an external server (meaning not localhost), this issue will come up.

Add your domain or IP address to the trusted origins csrf_trusted_origins.


For example, if your server is running on IP 192.168.1.127, you have to add default=[... https://192.168.1.127] to the csrf_trusted_origins.
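For background on why the login POST is rejected with "CSRF verification failed", here is an added example (not PeTeReport's or Django's own code) that re-implements Django's trusted-origin comparison in simplified form: an entry in csrf_trusted_origins must match the browser's Origin header on scheme, host and port, and a leading "*." entry trusts subdomains under that scheme only. The trusted list, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed trusted list standing in for csrf_trusted_origins; it does
# NOT contain https://192.168.1.127, so a login POST from that host is refused.
TRUSTED = ["https://localhost", "https://*.example.com"]

# Methods Django treats as "safe": the CSRF origin check is skipped for them.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def _same_domain(host: str, pattern: str) -> bool:
    """Simplified Django is_same_domain: exact match, or a leading-dot
    pattern that matches the host itself or any subdomain of it."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def origin_allowed(origin: str, trusted_origins: list[str]) -> bool:
    """True when the request's Origin header matches a trusted origin.
    Entries without '*' must match exactly (scheme + host + port);
    'https://*.example.com' matches any subdomain, but only over https."""
    exact = {o for o in trusted_origins if "*" not in o}
    if origin in exact:
        return True
    # Origin is "scheme://host[:port]"; an opaque origin such as "null"
    # has no netloc and is never trusted.
    scheme, _, netloc = origin.partition("://")
    if not netloc:
        return False
    wildcards = [urlsplit(o) for o in trusted_origins if "*" in o]
    return any(
        w.scheme == scheme and _same_domain(netloc, w.netloc.lstrip("*"))
        for w in wildcards
    )


def csrf_status(method: str, origin: str, trusted_origins: list[str]) -> int:
    """HTTP status the middleware would produce for this request:
    200 for safe methods or a trusted origin, 403 otherwise."""
    if method.upper() in SAFE_METHODS:
        return 200
    return 200 if origin_allowed(origin, trusted_origins) else 403


if __name__ == "__main__":
    # The scenario from this issue: login form posted from the server's IP.
    print(csrf_status("POST", "https://192.168.1.127", TRUSTED))  # 403
    print(csrf_status("POST", "https://192.168.1.127",
                      TRUSTED + ["https://192.168.1.127"]))  # 200
```

Note that the scheme is part of the match: adding https://192.168.1.127 does not trust http://192.168.1.127, and the port must also agree.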

Moneysac90 commented 6 months ago

@1modm A possible solution would be to dynamically update the csrf_trusted_origins field with the current IP address and/or FQDN.

1modm commented 5 months ago

@Moneysac90 you can do it yourself by creating, on your OS host, the config file variable assigned to csrf_trusted_origins:

I haven't checked, but something similar to this example should work:

PETEREPORT_DJANGO_CSRF_TRUSTED_ORIGINS="https://$(hostname -I | cut -f1 -d' ')"

Thanks