CSRF verification failed. Request aborted.

willow-god commented 7 months ago

Hello developers, I encountered the following problems while deploying your program:

Forbidden (403)
CSRF verification failed. Request aborted.

More information is available with DEBUG=True.

This is what appeared after my successful deployment. The deployment method I used is docker-compose.

Here are my relevant documents:

.env:

# PostgreSQL 数据库连接信息
DB_NAME=shynetdb
DB_USER=shynet
DB_PASSWORD=password
DB_HOST=127.0.0.1
DB_PORT=5432

# 如果不需要邮件功能的话可以直接注释掉
# EMAIL_HOST_USER=example
# EMAIL_HOST_PASSWORD=example_password
# EMAIL_HOST=smtp.example.com
# EMAIL_PORT=465
# EMAIL_USE_SSL=True

# 默认为 *，建议修改为你准备部署的域名
ALLOWED_HOSTS=my.site.example

# 时区设置，可以修改为 Asia/Shanghai
TIME_ZONE=Asia/Shanghai

nginx.conf:

server {
    server_name my.site.example;
    access_log /var/log/nginx/bin.access.log;
    error_log /var/log/nginx/bin.error.log error;

    location / {
        proxy_pass http://shynet:8080;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Url-Scheme $scheme;
    }
    listen 80; 

}

docker-compase:

version: '3'
services:
  shynet:
    container_name: shynet_main
    image: milesmcc/shynet:latest
    restart: unless-stopped
    expose:
      - 8080
    env_file:
      # Create a file called '.env' if it doesn't already exist.
      # You can use `TEMPLATE.env` as a guide.
      - .env
    environment:
      - DB_HOST=db
    networks:
      - internal
    depends_on:
      - db
  db:
    container_name: shynet_database
    image: postgres
    restart: always
    environment:
      - "POSTGRES_USER=${DB_USER}"
      - "POSTGRES_PASSWORD=${DB_PASSWORD}"
      - "POSTGRES_DB=${DB_NAME}"
    volumes:
      - shynet_db:/var/lib/postgresql/data
    networks:
      - internal
  webserver:
    container_name: shynet_webserver
    image: nginx
    restart: always
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf    
    ports:
      - 3000:80
    depends_on:
      - shynet
    networks:
      - internal
volumes:
  shynet_db:
networks:
  internal:

here is some related picture.The same is true on the computer.

Screenshot_2024-04-23-00-45-47-250_mark via

Screenshot_2024-04-23-00-46-11-123_mark via

Looking forward to your reply, I would appreciate it. think you very much！

croqaz commented 5 months ago

Hi. I am facing the same problem. I think it happened when I upgraded to the latest version.

willow-god commented 5 months ago

I have solved it. I did not configure the parameter CSRF_TRUSTED_ORIGINS during the installation process. After configuring it, this problem did not occur again.

croqaz commented 5 months ago

Can confirm that it worked, I was missing CSRF_TRUSTED_ORIGINS.

milesmcc commented 5 months ago

Great; glad that you were all able to resolve the issue.

milesmcc / shynet

CSRF verification failed. Request aborted. #322