mljar / mercury

Convert Jupyter Notebooks to Web Apps
https://RunMercury.com
GNU Affero General Public License v3.0
4.02k stars 255 forks source link

Django CSRF #300

Open c157fl opened 1 year ago

c157fl commented 1 year ago

As requested on

https://github.com/mljar/mercury/issues/299

I also try to access django admin and get CSRF verification failed even though new to django I improvised a change on mercury/server/settings.py adding CSRF_TRUSTED_ORIGINS since creating such a file in the main folder was also not having effect. Neither option worked.

Forbidden (403)
CSRF verification failed. Request aborted.

Help
Reason given for failure:

Origin checking failed - _https://xxxxxxxxxx.xxxxx.xxx_ does not match any trusted origins.

Created a settings.py in the folder where mercury runs with:

CSRF_TRUSTED_ORIGINS = [
    "https://xxxxxxxxxx.xxxxx.xxx", "http://xxxxxxxxxx.xxxxx.xxx",
    ]

And also added same for:

.venv/lib/python3.10/site-packages/django/conf/global_settings.py
.venv/lib/python3.10/site-packages/mercury/server/settings.py
.venv/lib64/python3.10/site-packages/django/conf/global_settings.py
.venv/lib64/python3.10/site-packages/mercury/server/settings.py

Even though not proper but wanted to see if it would be possible to do a quick fix.

I'm running mercury as mercury run 0.0.0.0:8000 --verbose in a docker container attached to nginx proxy manager.

pplonski commented 1 year ago

After update to Django >= 4.0 we need to set CSRF_TRUSTED_ORIGIN. Please add it as env variable to be set.

https://stackoverflow.com/questions/70285834/forbidden-403-csrf-verification-failed-request-aborted-reason-given-for-fail

fightpf commented 9 months ago

I am encountering the same issue, and can't find the setting.py file mentioned in Stack Overflow which file should add CSRF_TRUSTED_ORIGINS?

pplonski commented 9 months ago

Hi @fightpf,

Here is settings.py file https://github.com/mljar/mercury/blob/main/mercury/server/settings.py

fightpf commented 9 months ago

@pplonski Thank you for your response, it is helpful to me!