CSRF Failed: Origin checking failed - [domain url] does not match any trusted origins #8782

Shreyamitti opened this issue Dec 5, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@Shreyamitti

Actions before raising this issue

  • I searched the existing issues and did not find anything similar.
  • I read/searched the docs

Steps to Reproduce

  • Installed CVAT version 2.10.1 using Docker, cloned from GitHub, and followed the "Quick Installation Guide" meticulously.
  • Specified the CVAT_HOST environment variable with my custom domain name, which has a DNS record pointing to the external IP of my instance.
  • Logged into the application successfully.
  • Navigated to the admin page and accessed user properties successfully.
  • Attempted to save changes in the admin interface via the SAVE button.

Observed Behavior:
When I try to make any changes or click on the "edit" icon on any of the existing tasks, I see the error below:
"CSRF Failed: Origin checking failed - [domain url] does not match any trusted origins"

Expected Behavior

POST operations from the /admin page should not encounter a CSRF verification failure since access to the rest of the application works as expected.

Possible Solution

I reviewed a similar GitHub issue (#7382) and followed the suggested troubleshooting steps.
Made changes in settings.py:
Added my domain to CSRF_TRUSTED_ORIGINS.
Verified that the ALLOWED_HOSTS configuration is correct.
Followed the CVAT installation guide meticulously from https://docs.cvat.ai/docs/administration/basics/installation/

Context

Environment Variable:
  • Exported the CVAT_HOST environment variable and set it to my domain. All data was accessible, but the CSRF error persists during admin edits.

Public IP vs. Domain:
  • When accessing via the public IP of the instance, the issue is not reproducible.
  • However, the error consistently occurs when using my custom domain name.

Base URL in docker-compose.yml:
  • Updated the CVAT server section in the docker-compose.yml file, adding the base_url parameter. However, the issue persists.
  • Example: Allowed origins are already set to *.

Environment

Conclusion
This issue seems isolated to using a custom domain and appears to be a bug in how CVAT handles trusted origins or CSRF checks with domain names.
Additional steps were followed, but the problem persists when using the domain, even though the application works otherwise.
@Shreyamitti Shreyamitti added the bug Something isn't working label Dec 5, 2024
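
For anyone diagnosing this error: a simplified model of the Origin comparison that Django's CSRF middleware performs before it reports "does not match any trusted origins". It is an added example, not code from this issue, from CVAT or from Django. `cvat.example.com` and `203.0.113.10` are constructed placeholders, and the scenario where TLS ends at a reverse proxy so the backend sees plain http is an assumption the issue does not confirm.

```python
from urllib.parse import urlsplit

def is_same_domain(host, pattern):
    """A leading dot in pattern matches the domain and any subdomain."""
    if not pattern:
        return False
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern

def origin_trusted(origin, host, backend_sees_https, trusted_origins):
    """Model of the check: True if the browser's Origin header is accepted."""
    # 1. Same-origin: scheme as the backend sees it, plus the Host header.
    scheme = "https" if backend_sees_https else "http"
    if origin == f"{scheme}://{host}":
        return True
    # 2. Exact match against entries without a wildcard (scheme included).
    if origin in {t for t in trusted_origins if "*" not in t}:
        return True
    # 3. Wildcard entries: scheme must match, host is compared as a suffix.
    got = urlsplit(origin)
    for entry in trusted_origins:
        if "*" in entry:
            want = urlsplit(entry)
            if want.scheme == got.scheme and is_same_domain(
                got.netloc, want.netloc.lstrip("*")
            ):
                return True
    return False

if __name__ == "__main__":
    ORIGIN, HOST = "https://cvat.example.com", "cvat.example.com"  # constructed
    # Assumed scenario: TLS ends at a proxy, so the backend sees plain http.
    for trusted in ([], ["*"], ["cvat.example.com"],
                    ["https://cvat.example.com"], ["https://*.example.com"]):
        print(trusted, origin_trusted(ORIGIN, HOST, False, trusted))
    # Access by IP over plain http: Origin and Host agree, nothing to configure.
    print(origin_trusted("http://203.0.113.10", "203.0.113.10", False, []))
```

In this model a bare `*` and a scheme-less host name are both rejected; only entries that carry the scheme, such as `https://cvat.example.com` or `https://*.example.com`, match the browser's Origin header.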