linuxserver / docker-healthchecks

GNU General Public License v3.0
177 stars 38 forks source link

Fix CSRF setting for Django 4.0 (introduced in v1.25.0) #84

Closed immanuelfodor closed 2 years ago

immanuelfodor commented 2 years ago

linuxserver.io



Description:

Healthchecks v1.25.0 has upgraded Django to 4.0 and so the CSRF host should include the http(s):// prefix.

Benefits of this PR and context:

Fixes an error produced by the change in upstream. The error is visible in the Docker logs and echoed regularly in context of alert sending. It might broke the alert sending functionality but that's not confirmed.

How Has This Been Tested?

Edited my local settings file within the container, instantly remediated the issue.

Source / References:

SystemCheckError: System check identified some issues:

ERRORS:
?: (4_0.E001) As of Django 4.0, the values in the CSRF_TRUSTED_ORIGINS setting
must start with a scheme (usually http:// or https://) but found XXXXFQDNXXXX.com. See the release notes for details.
[uwsgi-daemons] respawning "/usr/bin/python3 ./manage.py sendalerts" (uid: 1100
 gid: 1100)
LinuxServer-CI commented 2 years ago

I am a bot, here are the test results for this PR: https://ci-tests.linuxserver.io/lspipepr/healthchecks/v1.25.0-pkg-1d4cf52c-pr-84/index.html https://ci-tests.linuxserver.io/lspipepr/healthchecks/v1.25.0-pkg-1d4cf52c-pr-84/shellcheck-result.xml

thespad commented 2 years ago

If you're swapping out BASE_URL for SITE_ROOT you can also remove https://github.com/linuxserver/docker-healthchecks/blob/master/root/etc/cont-init.d/30-config#L10-L12 as it's not used for anything other than the CSRF inset.

Additionally can you please update the readme changelog to reflect the change.

immanuelfodor commented 2 years ago

Thanks for the review, updated the files as requested (I'm on mobile now, so I missed those in the small edit boxes)

LinuxServer-CI commented 2 years ago

I am a bot, here are the test results for this PR: https://ci-tests.linuxserver.io/lspipepr/healthchecks/v1.25.0-pkg-1d4cf52c-pr-84/index.html https://ci-tests.linuxserver.io/lspipepr/healthchecks/v1.25.0-pkg-1d4cf52c-pr-84/shellcheck-result.xml

LinuxServer-CI commented 2 years ago

I am a bot, here are the test results for this PR: https://ci-tests.linuxserver.io/lspipepr/healthchecks/v1.25.0-pkg-1d4cf52c-pr-84/index.html https://ci-tests.linuxserver.io/lspipepr/healthchecks/v1.25.0-pkg-1d4cf52c-pr-84/shellcheck-result.xml

rjbaat commented 2 years ago

@immanuelfodor Hi, I tried the latest container, with REGENERATE_SETTINGS = true, but its stil broken on my side. The container is giving me the error 500 with the error. What do I do wrong?

?: (4_0.E001) As of Django 4.0, the values in the CSRF_TRUSTED_ORIGINS setting must start with a scheme ...
thespad commented 2 years ago

You'll need to check the value of CSRF_TRUSTED_ORIGINS and SITE_ROOT in your local_settings.py - may be that you've hit an edge case or bug.

rjbaat commented 2 years ago

I just checked my local_settings.py and I it looks like the url without https is showing up. So maybe the file isn't overwritten. I also see the BASE_URL still showing up in the local_settings.py. That one was removed right?

Ahh found it. I had REGENERATE_SETTINGS = true instead of True So its working for me now, thnx for the quick reply!