403 Forbidden, CSRF verification failed. Referer checking failed, does not match trusted origins

Please check our FAQ: Seafile FAQ & Known-Issues

In you modified the port mapping, the origin field in the HTTP header received by Django is http{s}://{ip_or_domain}:20080 and the host field in HTTP header is {ip_or_domain} without the custom port. This mismatch results in a CSRF error.

However, in the original HTTP request sent by the browser, the origin and host fields are both http{s}://{ip_or_domain}:20080 . The mismatch is caused by the wrong Nginx setting.

You can correct it by changing Nginx config to the following:

  location / {

        ...

        proxy_set_header Host $http_host;

        ....

The old one is proxy_set_header Host $host; , which does not pass the port part to Django.

1 Like