intelowlproject / IntelOwl

IntelOwl: manage your Threat Intelligence at scale
https://intelowlproject.github.io
GNU Affero General Public License v3.0

Scan history: CSRF error - <url> not in list of trusted origins #2522

Open xofolowski opened 2 weeks ago

xofolowski commented 2 weeks ago

What happened

After setup, IntelOwl seems to be fully functional when accessed through a fully qualified domain name via an external SSL-enabled reverse proxy. However, on the /scan page, the frontend shows a CSRF error message in the scan history area, complaining about the URL I'm using to access IntelOwl not being contained in the list of trusted origins.

Environment

  1. OS: Debian 12.5
  2. IntelOwl version: 6.1.0

What did you expect to happen

Scan history should be displayed.

How to reproduce your issue

Error messages and logs

[CSRF Failed: Origin checking failed - https://<fqdn> does not match any trusted origins]

Potential Solution / Workaround

I was able to get around the issue by applying the following patch to intel_owl/settings/security.py and rebuilding the service:

diff --git a/intel_owl/settings/security.py b/intel_owl/settings/security.py
index e739d463..0e6b4f43 100644
--- a/intel_owl/settings/security.py
+++ b/intel_owl/settings/security.py
@@ -19,6 +19,7 @@ else:
     WEB_CLIENT_URL = f"http://{WEB_CLIENT_DOMAIN}"

 CSRF_COOKIE_SAMESITE = "Strict"
+CSRF_TRUSTED_ORIGINS = [f"{WEB_CLIENT_URL}"]

 if STAGE_LOCAL:
     # required to allow requests from port 3001 (frontend development)
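Review bot: the new `CSRF_TRUSTED_ORIGINS = [f"{WEB_CLIENT_URL}"]` line only fixes the reported case when WEB_CLIENT_URL carries the https scheme the browser actually sends. The context just above shows the else branch building `WEB_CLIENT_URL = f"http://{WEB_CLIENT_DOMAIN}"`, and since Django 4.0 entries in CSRF_TRUSTED_ORIGINS must include a scheme and are compared exactly against the Origin header, so a deployment behind a TLS-terminating proxy that lands in that branch would still fail with "https://<fqdn> does not match any trusted origins". Please add a comment above the assignment naming the setting that selects the https branch, so operators know what to set rather than rediscovering this. Two smaller points: the f-string is redundant, `CSRF_TRUSTED_ORIGINS = [WEB_CLIENT_URL]` reads cleaner; and because the assignment sits directly above the `if STAGE_LOCAL:` block that opens up port 3001 for frontend development, check that the block appends to the list instead of reassigning it, otherwise the dev origin and the deployed origin cannot both be trusted at the same time.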
mlodic commented 1 day ago

Hey, thanks for reporting! Considering that you found the issue, would you like to open a little PR about that, so you can become an official contributor?
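To make the failure mode concrete, here is a simplified emulation of the Origin check that Django's CsrfViewMiddleware applies to unsafe requests. This is example code added for this page; it is neither IntelOwl's nor Django's own code. It assumes Django 4.x semantics (the Origin must equal the request's own scheme://host, or match an exact entry or a `scheme://*.domain` wildcard in CSRF_TRUSTED_ORIGINS), and the hostname intelowl.example.test is constructed for the demonstration.

```python
from urllib.parse import urlsplit


def origin_allowed(origin, request_scheme, request_host, trusted_origins):
    """Simplified emulation of Django's CSRF Origin check (assumption:
    Django 4.x semantics, not Django's actual code).

    request_host is what request.get_host() would return, so it may carry
    a port. request_scheme is what Django *believes* the scheme is; behind
    a proxy that terminates TLS this is "http" unless SECURE_PROXY_SSL_HEADER
    is configured and the proxy sets that header.
    """
    parsed = urlsplit(origin)
    if not parsed.scheme or not parsed.netloc:
        return False                      # "null" or malformed Origin
    if origin == f"{request_scheme}://{request_host}":
        return True                       # same-origin request
    for entry in trusted_origins:
        trusted = urlsplit(entry)
        if trusted.scheme != parsed.scheme:
            continue                      # scheme must match exactly
        if trusted.netloc.startswith("*."):
            suffix = trusted.netloc[1:]   # ".example.test"
            if parsed.netloc == suffix[1:] or parsed.netloc.endswith(suffix):
                return True
        elif trusted.netloc == parsed.netloc:
            return True
    return False


def scan_history_cases():
    """Replay the situations from the issue against a constructed host.
    Returns a dict of case name -> whether the request would be accepted."""
    fqdn = "intelowl.example.test"                 # constructed hostname
    browser_origin = f"https://{fqdn}"             # what the browser sends
    return {
        # proxy forwards plain http, nothing trusted: the reported error
        "no_trusted_origins": origin_allowed(browser_origin, "http", fqdn, []),
        # WEB_CLIENT_URL resolved to the http branch: still rejected
        "http_entry": origin_allowed(browser_origin, "http", fqdn,
                                     [f"http://{fqdn}"]),
        # WEB_CLIENT_URL resolved to https: the reporter's patch works
        "https_entry": origin_allowed(browser_origin, "http", fqdn,
                                      [f"https://{fqdn}"]),
        # Django told the request is https (proxy header honoured):
        # the same-origin path passes with no trusted entry at all
        "proxy_scheme_forwarded": origin_allowed(browser_origin, "https",
                                                 fqdn, []),
        # a wildcard entry covers the subdomain
        "wildcard": origin_allowed(browser_origin, "http", fqdn,
                                   ["https://*.example.test"]),
        # a foreign site never passes, whatever is trusted
        "foreign_site": origin_allowed("https://evil.example.net", "http",
                                       fqdn, [f"https://{fqdn}"]),
    }


if __name__ == "__main__":
    for name, ok in scan_history_cases().items():
        verdict = "allowed" if ok else "CSRF Failed: Origin checking failed"
        print(f"{name:24s} {verdict}")
```

The two rejected cases are the ones an operator is most likely to hit: with no trusted entry the same-origin comparison fails because the proxy delivers the request over http while the browser sends an https Origin, and an http entry does not help because the scheme is compared exactly. Either trusting the https origin explicitly (what the reporter's patch does when WEB_CLIENT_URL carries https) or letting Django see the original scheme through SECURE_PROXY_SSL_HEADER makes the check pass.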