After setup, IntelOwl seems to be fully functional when being accessed through a fully qualified domain name via an external SSL-enabled reverse proxy. However, on the /scan page, the frontend shows a CSRF error message in the scan history area, complaining about the URL I'm using to access IntelOwl not being contained in the list of trusted origins.
Environment
OS: Debian 12.5
IntelOwl version: 6.1.0
What did you expect to happen
Scan history should be displayed.
How to reproduce your issue
configure IntelOwl with a fully qualified domain name (INTELOWL_WEB_CLIENT_DOMAIN in env, server_name in nginx configuration files)
configure included nginx to serve app on port 80 via plain http; container connected to an additional external Docker network
configure an already existing second nginx container on that external Docker network to act as an SSL-enabled reverse proxy for IntelOwl and multiple additional services
set HTTPS_ENABLED=True in environment
Error messages and logs
[CSRF Failed: Origin checking failed - https://<fqdn> does not match any trusted origins]
Potential Solution / Workaround
I was able to get around the issue by applying the following patch to intel_owl/settings/security.py and rebuilding the service:
diff --git a/intel_owl/settings/security.py b/intel_owl/settings/security.py
index e739d463..0e6b4f43 100644
--- a/intel_owl/settings/security.py
+++ b/intel_owl/settings/security.py
@@ -19,6 +19,7 @@ else:
WEB_CLIENT_URL = f"http://{WEB_CLIENT_DOMAIN}"
CSRF_COOKIE_SAMESITE = "Strict"
+CSRF_TRUSTED_ORIGINS = [f"{WEB_CLIENT_URL}"]
if STAGE_LOCAL:
# required to allow requests from port 3001 (frontend development)
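Review bot: the added `CSRF_TRUSTED_ORIGINS` entry takes its scheme from `WEB_CLIENT_URL`, and the context line above it shows the `else` branch building that value as `http://{WEB_CLIENT_DOMAIN}`, so the entry only matches the `https://<fqdn>` origin from the error message when the other branch is taken. A short comment next to the new line stating that the scheme must equal the one the browser uses at the external proxy would document that dependency. The assignment also sits directly before the `if STAGE_LOCAL:` block whose comment mentions allowing requests from port 3001; if that block sets `CSRF_TRUSTED_ORIGINS` as well, make sure it extends this list rather than replacing it. Style: `[f"{WEB_CLIENT_URL}"]` wraps an existing string in a redundant f-string, `[WEB_CLIENT_URL]` is enough.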
Hey, thanks for reporting! Considering that you found the issue, would you like to open a little PR about that? So you can become an official contributor!