Cross-site POST form submissions are forbidden

[shertyben]

To Reproduce Steps to reproduce the behavior:

1. Clone repo git clone --depth 1 --branch v1.7.5 https://github.com/intuitem/ciso-assistant-community.git
3. cd ciso-assistant-community && vim docker-compose.yml
4. Edit CISO_ASSISTANT_URL=http://localhost:8443 on both backend and caddy containers
5. Edit PUBLIC_BACKEND_API_EXPOSED_URL=http://localhost:8443/api on backend container
6. Add ORIGIN=http://localhost:8443 to backend container
7. sh docker-compose.sh
8. Fill in e-mail and password
9. linx http://localhost:8443
10. Fill in user and password and click on login
11. See error Cross-site POST form submissions are forbidden

Expected behavior Open dashboard

Screenshots

Environment (please complete the following information):

• Device: VM Machine Proxmox
• OS: Rocky Linux 8
• Browser lynx, brave

Additional context As per recommandations of this issue https://github.com/intuitem/ciso-assistant-community/issues/227#issuecomment-2061472247, added ORIGIN env variable but keep getting same error.

Below my docker-compose.yml

version: "3.9"

services: backend: container_name: backend image: ghcr.io/intuitem/ciso-assistant-community/backend:latest restart: always environment:

• ALLOWED_HOSTS=backend,localhost,localhost
• CISO_ASSISTANT_URL=http://localhost:8443
• DJANGO_DEBUG=True
• AUTH_TOKEN_TTL=7200 volumes:

• ./db:/code/db

  frontend: container_name: frontend environment:

• PUBLIC_BACKEND_API_URL=http://backend:8000/api
• PUBLIC_BACKEND_API_EXPOSED_URL=http://localhost:8443/api
• PROTOCOL_HEADER=x-forwarded-proto
• HOST_HEADER=x-forwarded-host
• ORIGIN=http://localhost:8443 image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest depends_on:

• backend

  caddy: container_name: caddy image: caddy:2.7.6 environment:

• CISO_ASSISTANT_URL=http://localhost:8443 depends_on:
• frontend restart: unless-stopped ports:
• 8443:8443 volumes:
• ./caddy_data:/data command: | sh -c 'echo $$CISO_ASSISTANT_URL "{ reverse_proxy /api/iam/sso/redirect/ backend:8000 reverse_proxy /api/accounts/saml/0/acs/ backend:8000 reverse_proxy /api/accounts/saml/0/acs/finish/ backend:8000 reverse_proxy /* frontend:3000 }" > Caddyfile && caddy run'

[eric-intuitem]

On port 8443 it is https protocol, not http. Can you try again?

[shertyben]

On port 8443 it is https protocol, not http. Can you try again? Hello Eric, tried also to update http to https but, got same result.

[Mohamed-Hacene]

Hi @shertyben,

I have successfully tried the exact same docker-compose.yml as you, so I think that issue is related to your environment. How are you accessing CISO Assistant, from your VM directly ?

[shertyben]

Hi @Mohamed-Hacene , Yes, i'm trying to connect from the local VM using lynx http://localhost:8443 I keep getting the same error.

[Mohamed-Hacene]

Ok, will try to test it in the same environment as you and let you know how it was