OurchiveIO / ourchive

An easily installable fiction, audio, and image archive package.
GNU General Public License v3.0

CSRF origin checking failure #131

Closed bellisk closed 2 weeks ago

bellisk commented 3 months ago

Describe the bug

I've deployed my own Ourchive instance following the steps described here, including setting up SSL using certbot and an nginx reverse proxy. POST requests to the site (e.g. creating a new user or new work) were not successful. In the logs was this error (url replaced with http://example.org):

api.custom_exception_handler WARNING 2024-04-19 17:23:13,764 custom_exception_handler 14661 139981757988928 CSRF Failed: Origin checking failed - http://example.org does not match any trusted origins.

The cause seems to be that my site url was not in the CSRF_TRUSTED_ORIGINS constant. After I edited ourchive/ourchive_app/ourchive_app/settings.py like so, the issue was solved.

CSRF_TRUSTED_ORIGINS = [
    "http://127.0.0.1:8000",
    "http://example.org",
    "https://example.org",
]

To Reproduce

  1. Deploy Ourchive to VPS hosting and set up nginx and SSL as described in https://docs.getourchive.io/admin-getting-started/
  2. Try to create a new user or a new work as a logged-in user
  3. Creation will fail, CSRF origin checking failure will be logged

Expected behavior

Creating a new user, new work, etc. should succeed.

Hosting

Digital Ocean droplet running Ubuntu 22.04.
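For readers trying to understand why the warning above appears and why adding the site URL to CSRF_TRUSTED_ORIGINS makes it go away, here is a small self-contained model of the kind of Origin check that produces it. This is an added illustration, not Ourchive's or Django's own code; the header names, the `trust_forwarded_proto` switch and the sample requests are assumptions constructed for the example. It shows the three situations a deployment behind a TLS-terminating reverse proxy can land in: the app is not told the client used HTTPS (same-origin check fails), the proxy forwards that fact and the app honours it (same-origin check passes with no trusted-origin entry), or the origin is listed explicitly (exact or wildcard-subdomain entry).

```python
"""Model of a Django-style CSRF Origin check (added example, not project code).

A state-changing request passes when its Origin header equals the origin the
application believes it serves (scheme + Host), or when it appears in the
trusted-origin list, which may contain "scheme://*.domain" wildcards.  Behind
a TLS-terminating proxy the application only sees "https" if the proxy forwards
that fact (assumed here as an X-Forwarded-Proto header) and the app is
configured to trust it.
"""
from urllib.parse import urlsplit


def app_own_origin(headers, trust_forwarded_proto):
    """Origin the app reconstructs for itself.

    The backend receives plain HTTP from the proxy, so it assumes "http" unless
    it is allowed to believe the forwarded protocol header.
    """
    scheme = "http"
    if trust_forwarded_proto and headers.get("X-Forwarded-Proto") == "https":
        scheme = "https"
    return f"{scheme}://{headers['Host']}"


def is_same_domain(host, pattern):
    """Exact match, or suffix match when pattern starts with '.' (wildcard)."""
    host, pattern = host.lower(), pattern.lower()
    if pattern == host:
        return True
    return pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:])


def origin_verified(headers, trusted_origins, trust_forwarded_proto=False):
    """Return (ok, reason) for the request described by `headers`."""
    origin = headers.get("Origin")
    if origin is None:
        return False, "no Origin header"
    if origin == app_own_origin(headers, trust_forwarded_proto):
        return True, "same-origin"
    if origin in {t for t in trusted_origins if "*" not in t}:
        return True, "exact trusted origin"
    parsed = urlsplit(origin)
    for trusted in trusted_origins:
        if "*" not in trusted:
            continue
        t = urlsplit(trusted)
        # Scheme must match and the host must be a subdomain of the pattern.
        if t.scheme == parsed.scheme and t.netloc.startswith("*") \
                and is_same_domain(parsed.netloc, t.netloc[1:]):
            return True, "wildcard trusted origin"
    return False, f"{origin} does not match any trusted origins"


# Constructed sample: browser POSTs over HTTPS, nginx forwards to the backend.
PROXIED_POST = {
    "Host": "example.org",
    "Origin": "https://example.org",
    "X-Forwarded-Proto": "https",
}


def scenarios():
    """The three deployment situations, as (ok, reason) pairs."""
    return {
        # App does not honour the forwarded scheme: it thinks it is http://example.org
        "proxy_scheme_ignored": origin_verified(PROXIED_POST, []),
        # App honours X-Forwarded-Proto: same-origin, no trusted list needed
        "proxy_scheme_honoured": origin_verified(PROXIED_POST, [], True),
        # The workaround from the issue: list the site explicitly
        "listed_explicitly": origin_verified(
            PROXIED_POST, ["http://127.0.0.1:8000", "http://example.org", "https://example.org"]),
    }


if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:24} {'PASS' if ok else 'FAIL'}: {reason}")
```

The first scenario reproduces the "does not match any trusted origins" failure without any trusted-origin entry being wrong: the app simply cannot tell it is being served over HTTPS. That is why the second comment below points at the nginx side; forwarding the original scheme (and configuring the app to trust it) removes the need to enumerate origins, while the CSRF_TRUSTED_ORIGINS edit papers over the mismatch by allowing the origin outright. Note that wildcard entries still require the scheme to match, so `https://*.example.org` does not admit an `http://` origin.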

c-e-p commented 3 months ago

This is going to be a documentation/defaults update, will be added to next release.

c-e-p commented 2 weeks ago

So weirdly we "shouldn't" need this in the sense that our own production setup does not need this. I strongly suspect the issue is Nginx config related. One of our 1.0 requirements is people not touching nginx config at all (or touching it less than they do now, relative to Ourchive settings), so I'm going to be tagging this one for 1.0 review. In the meantime, I've added this use case to our troubleshooting in the admin docs.