Forbidden (403) CSRF verification failed. Request aborted.

[puffpants]

After using the Quick Install with Installer on Debian 12, everything seems to install correctly and I am presented with the web interface, however I get a Forbidden (403) CSRF verification failed. Request aborted. when using the default credentials, admin:admin. what logs or additional information would be needed to troubleshoot.

WEBVIRTCLOUD

  Welcome to Webvirtcloud Installer for RHEL&Alternatives, Fedora, Debian and Ubuntu!

      WEBVIRTCLOUD

  Welcome to Webvirtcloud Installer for RHEL&Alternatives, Fedora, Debian and Ubuntu!

  The installer has detected Debian version 12 codename bookworm.
  Q. Do you want to configure fqdn for Nginx? (y/n) y
  Q. What is the FQDN of your server? (debian-host.intra.XXXXX.com):
     Setting to debian-host.intra.XXXXX.com

  Q. NOVNC service port number?(Default: 6080)
     Setting novnc service port 6080

  Q. NOVNC public port number for reverse proxy(e.g: 80 or 443)?(Default: 6080)
     Setting novnc public port 6080

  Q. NOVNC host listen ip?(Default: 0.0.0.0) 192.168.20.100
     Setting novnc host ip 192.168.20.100

* Updating installed packages./
*  Installing OS requirements.
  * git already installed
  * virtualenv already installed
  * python3-virtualenv already installed
  * python3-dev already installed
  * python3-lxml already installed
  * libvirt-dev already installed
  * zlib1g-dev already installed
  * libxslt1-dev already installed
  * nginx already installed
  * supervisor already installed
  * libsasl2-modules already installed
  * gcc already installed
  * pkg-config already installed
  * python3-guestfs already installed
  * uuid already installed
* Setting up hosts file.
* Creating webvirtcloud user.
adduser: The user `wvcuser' already exists.
* Cloning webvirtcloud from github to the web directory.
* Configuring settings.py file.
* Secret for Django generated: $y)%o599a9%yll6fgsor5as7_6=(b8+l+lw_dr^lu672$q31gg
* Activate virtual environment.
created virtual environment CPython3.11.2.final.0-64 in 246ms
  creator CPython3Posix(dest=/srv/webvirtcloud/venv, clear=False, no_vcs_ignore=False, global=False)
  seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/root/.local/share/virtualenv)
    added seed packages: Django==4.2.4, Markdown==3.4.4, PyYAML==6.0.1, annotated_types==0.5.0, asgiref==3.7.2, bidict==0.22.1, certifi==2023.7.22, charset_normalizer==3.2.0, django_bootstrap5==23.3, django_bootstrap_icons==0.8.3, django_login_required_middleware==0.9.0, django_otp==1.2.2, django_qr_code==3.1.1, djangorestframework==3.14.0, dnspython==2.4.2, drf_nested_routers==0.93.4, drf_yasg==1.21.7, eventlet==0.33.3, greenlet==2.0.2, gunicorn==21.2.0, idna==3.4, inflection==0.5.1, ldap3==2.9.1, libsass==0.22.0, libvirt_python==9.6.0, lxml==4.9.3, numpy==1.25.2, packaging==23.1, pip==23.0.1, pyasn1==0.5.0, pydantic==2.3.0, pydantic_core==2.6.3, pypng==0.20220715.0, python_engineio==4.5.1, python_socketio==5.8.0, pytz==2023.3, qrcode==7.4.2, requests==2.31.0, rwlock==0.0.7, segno==1.5.2, setuptools==66.1.1, six==1.16.0, sqlparse==0.4.4, typing_extensions==4.7.1, uritemplate==4.1.1, urllib3==2.0.4, websockify==0.10.0, wheel==0.38.4, zipp==3.16.2
  activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
* Install App's Python requirements.
Requirement already satisfied: pip in ./venv/lib/python3.11/site-packages (23.0.1)
Collecting pip
  Using cached pip-23.2.1-py3-none-any.whl (2.1 MB)
Installing collected packages: pip
  Attempting uninstall: pip
    Found existing installation: pip 23.0.1
    Uninstalling pip-23.0.1:
      Successfully uninstalled pip-23.0.1
Successfully installed pip-23.2.1
* Django Migrate.
No changes detected
Operations to perform:
  Apply all migrations: accounts, admin, appsettings, auth, computes, contenttypes, instances, interfaces, logs, networks, otp_totp, sessions, storages
Running migrations:
  No migrations to apply.
! SHOW_PROFILE_EDIT_PASSWORD is found inside settings.py
* Applying permission can_change_password for all users
! Warning!!! Setting to True for all users
! Don`t forget to remove the option from settings.py
* Django Collect Static

0 static files copied to '/srv/webvirtcloud/static', 70 unmodified.
* Configuring Nginx.
  * Copying Nginx configuration
* Configuring Supervisor.
  * Copying supervisor configuration
* Setting Supervisor to start on boot and restart.
* Setting Nginx to start on boot and starting Nginx.

  ***Open http://debian-host.intra.XXXXX.com to login to webvirtcloud.***

* Cleaning up...
* Finished!

[puffpants]

I have reinstalled using the manual method and all went well, but i am seeing the same issue. i have enabled Debug and see this:

[puffpants]

adding this:

to the setings.py seems to have fixed, but from reading this should not have been needed, nor does it seem to be the "right" way. ill leave this open to see why it had to be done manually, or for it to be added to the instructions.

[puffpants]

to follow up again, I am able to get into the web interface, but when trying to add a server, the local host, i get this error:

I will note that the last step of the install is not able to finish:

    USER@debian-host:/etc/default$ wget -O - https://bit.ly/36baWUu | sudo sh
    --2023-09-04 20:02:52--  https://bit.ly/36baWUu
    Resolving bit.ly (bit.ly)... 67.199.248.11, 67.199.248.10
    Connecting to bit.ly (bit.ly)|67.199.248.11|:443... connected.
    HTTP request sent, awaiting response... 301 Moved Permanently
    Location: https://raw.githubusercontent.com/retspen/webvirtcloud/master/dev/libvirt-bootstrap.sh [following]
    --2023-09-04 20:02:52--  https://raw.githubusercontent.com/retspen/webvirtcloud/master/dev/libvirt-bootstrap.sh
    Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.111.133, ...
    Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.108.133|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 32168 (31K) [text/plain]
    Saving to: ‘STDOUT’

    -                                                         100%[====================================================================================================================================>]  31.41K  --.-KB/s    in 0.004s

    2023-09-04 20:02:52 (6.95 MB/s) - written to stdout [32168/32168]

     *  INFO: Found function install_debian
    sh: 48: [: Illegal number:
     *  INFO: Running install_debian()
    Hit:1 http://deb.debian.org/debian bookworm InRelease
    Hit:2 http://security.debian.org/debian-security bookworm-security InRelease
    Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
    Hit:4 https://dl.google.com/linux/chrome/deb stable InRelease
    Reading package lists... Done
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Note, selecting 'qemu-system-x86' instead of 'qemu-kvm'
    Package qemu is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source

    E: Package 'qemu' has no installation candidate
     * ERROR: Failed to run install_debian()!!!

[catborise]

there is some changes in debian 12 package names. i will fix it. thanks. also django CSRF verification changes exist. we must add CSRF_TRUSTED_ORIGINS to settings.py

[catborise]

@puffpants i think all problems are solved. you can try with latest.. cheers

[puffpants]

@catborise I have reinstalled via manual method.

i can see that CSRF_TRUSTED_ORIGINS = ['http://localhost',] has been added to the settings.py file, but this only allows for access from the local system. This is better, but a step should probably be added to either edit the hostname, or have it pull it in automatically somehow.

I was now able to run the "setup libvirt and KVM on server" without issue.

wget -O - https://bit.ly/36baWUu | sudo sh

With that said I am able to log in, but wen I try to add the host server, still get errors:

TCP:

SSH:

TLS:

Local:

If there are post install / setup steps i have missed, can you please link them?

Thanks!

[puffpants]

I found the info to make the SSH keys lower down. all is working now. Thanks!