Custom Reports can not be generated, as some requests are directed to a incorrect location.
When clicking on the Run button for creating a Custom HTML Report, the Browser tries to fetch /static/bootswatch/readable/bootstrap.min.css from my Workstations Public IP.
Fill out the 'Report Options' with 'Report type' = HTML
Open some 'Web Developer Tool' to show the requests
Click on 'RUN'
In the 'Web Developer Tool' you will see a request to https://my-public-ip:8080/static/bootswatch/readable/bootstrap.min.css
After the Browser runs into a time-out an Empty Page (at least on my end) is shown, but some more Infos can be found in the returned source
<body>
<div id="[summary]()">
<h1>Forbidden <span>(403)</span></h1>
<p>CSRF verification failed. Request aborted.</p>
<p>You are seeing this message because this HTTPS site requires a “Referer header” to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>
<p>If you have configured your browser to disable “Referer” headers, please re-enable them, at least for this site, or for HTTPS connections, or for “same-origin” requests.</p>
<p>If you are using the <meta name="referrer" content="no-referrer"> tag or including the “Referrer-Policy: no-referrer” header, please remove them. The CSRF protection requires the “Referer” header to do strict referer checking. If you’re concerned about privacy, use alternatives like <a rel="noreferrer" …> for links to third-party sites.</p>
</div>
<div id="[explanation]()">
<p><small>More information is available with DEBUG=True.</small></p>
</div>
</body>
Expected behavior
Based on the Log-file, the Report is generated, but never shown in the Browser.
Deployment method(select with an X)
[X] Docker Compose with "Traefik" as Ingress/Proxy
[ ] Kubernetes
[ ] GoDojo
Environment information
Operating System: Debian 11
DefectDojo version: v. 2.7.1 ( release mode )
Logs
As the Clientsends the Request to the wrong location, no errors can be found in the logs.
StefanFl
commented
2 years ago
Bug description
Custom Reports can not be generated, as some requests are directed to a incorrect location.
When clicking on the Run button for creating a Custom HTML Report, the Browser tries to fetch
/static/bootswatch/readable/bootstrap.min.cssfrom my Workstations Public IP.Searching through the Codebase, I found, that
are using
while other Templates use
which could maybe explain the source of the problem
Steps to reproduce Steps to reproduce the behavior:
HTMLhttps://my-public-ip:8080/static/bootswatch/readable/bootstrap.min.cssExpected behavior Based on the Log-file, the Report is generated, but never shown in the Browser.
Deployment method (select with an
X)Environment information
Debian 11v. 2.7.1 ( release mode )Logs As the Clientsends the Request to the wrong location, no errors can be found in the logs.