Open ankur-aggarwal0403 opened 1 year ago
Hi,
I have this error with RHEL 7.
I changed the port 8080 to 8980, it works in http with the server name but not behind an apache reverse proxy in https.
My setup :
LAN <-> server RHEL 7 with Apache reverse proxy defectdojo.mydomain.tld in https <-> server rhel 7 with docker
I tested "export DD CSRF_TRUSTED_ORIGINS" without much result
Do you have any suggestions?
Thanks in advance,
Regards
Hi, I ran into the same problem.
In my case DefectDojo is running on the default port 8080 behind an external Nginx TLS reverse proxy on another server.
I had to change the file ./dojo/settings/settings.dist.py to add my URL and the proxy server IP to the variable DD_CSRF_TRUSTED_ORIGINS:

```
....
DD_CSRF_TRUSTED_ORIGINS=(list, ['https://djo.example.org', '10.10.0.125']),
....
```
After changing the file, a new build needs to be created using: ./dc-build.sh
and then start your deployment again, e.g.: ./dc-up-d.sh postgres-redis
Now I am able to login without these CSRF errors.
I have the same problem but deploying using helm, can someone help me fix it?
You can specify DD_CSRF_TRUSTED_ORIGINS in helm as well using extra configs https://github.com/DefectDojo/django-DefectDojo/blob/master/helm/defectdojo/values.yaml#L541
Hi @Philaaadata, did you get any workaround? Seems I am facing the same issue.
Same issue here. DD_CSRF_TRUSTED_ORIGINS in local_settings.py does not help.
Docker version: 24.0.5 Docker-compose version: 1.29.2
Running Docker on Red Hat Enterprise Linux release 8.8 (Ootpa)
Modifications: django-DefectDojo/docker-compose.yml --> Changed port from 8443 to 8444 for nginx. Using nginx as reverse proxy, which listens on port 8443 (outside) and points to DefectDojo running on port 8080.
Observations: After clicking on the URL with port 8443, it opens up the login page. After providing the credentials, it responds back with the error message: "Forbidden (403) CSRF verification failed. Request aborted."
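
Added example, not part of the thread or of DefectDojo's code: a simplified model of the Origin comparison that Django's CSRF middleware performs in Django 4.0 and later, showing why a trusted-origin entry has to carry the scheme and port the browser actually uses. Host names, ports and function names are constructed, and which Django version a given DefectDojo release ships is an assumption.

```python
from urllib.parse import urlsplit

def same_domain(netloc, pattern):
    # A leading "." in the pattern (left over from "*.") matches subdomains.
    if pattern.startswith("."):
        return netloc.endswith(pattern) or netloc == pattern[1:]
    return netloc == pattern

def origin_allowed(origin, backend_scheme, backend_host, trusted_origins):
    """True if `origin` (the browser's Origin header) passes the modelled check."""
    # 1. Same origin as the app sees itself (scheme and Host after the proxy).
    if origin == f"{backend_scheme}://{backend_host}":
        return True
    # 2. Exact string match, so scheme and port are both significant.
    if origin in {t for t in trusted_origins if "*" not in t}:
        return True
    # 3. Wildcard entries: same scheme, netloc matched as a domain suffix.
    try:
        parsed = urlsplit(origin)
    except ValueError:
        return False
    for t in trusted_origins:
        if "*" in t:
            tp = urlsplit(t)
            if parsed.scheme == tp.scheme and same_domain(
                    parsed.netloc, tp.netloc.lstrip("*")):
                return True
    return False

# Constructed scenario: the browser talks TLS to the proxy on port 8443 and
# the proxy talks plain HTTP to the application on port 8080.
ORIGIN = "https://dojo.example.test:8443"

def check(trusted, scheme="http", host="dojo.example.test:8080"):
    return origin_allowed(ORIGIN, scheme, host, trusted)

if __name__ == "__main__":
    candidates = ([],
                  ["https://dojo.example.test"],       # port missing
                  ["dojo.example.test:8443"],          # scheme missing
                  ["https://dojo.example.test:8443"],  # full external origin
                  ["https://*.example.test:8443"])     # wildcard subdomain
    for trusted in candidates:
        print(trusted, "->", "accepted" if check(trusted) else "403")
```

The last argument pair of `check` models a proxy that forwards the external scheme and host to an application configured to trust them, in which case the request is same-origin and needs no trusted-origin entry.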