[ CSRF | Docker | Raspberry ] Seafile Server gives me a headache

Hi Community!

I try to do a PoC with Seafile and it’s REALLY annoying…

I always met the issue: “CSRF Failed: CSRF token missing or incorrect.”; so I can’t make any admin change and/or use any user feature like share file.

I Google-fu, deep search on this forum, Github and I’m surprise to not find anything…

What I did:

  • Use the Docker installation: Everything works find except the admin change and some user’s feature
  • Use the Raspberry installation: Idem
  • If I only use HTTP (locally or not), everything works fine, but I will never use any solution like that.

My configuration is not exotic: Seafile server on the backend and a Nginx server in front of the Internet.

No matter how the certificate are managed (Seafile Docker with Let’s Encrypt, Seafile Docker without Let’s Encrypt, Raspberry with my own Nginx) I always have this fuc$^*g error message:

  • CSRF Failed: CSRF token missing or incorrect

I’m sur not being alone with this issue but I’m stuck… I really love to test Seafile but i haven’t any idea on how i can handle this issue.

I have the cookie, the header seems good (eg. sfcsrftoken=MPTT0****; django_language=en; sessionid=ag665***) but I can’t do any change, once I submit the change, the request doesn’t seem to send the token: “CSRFToken:undefined”

Do you have any ideas, clues or a solution that can help me?

Thank a lot!
Reed

1 Like

Welcome to the Seafile Forum!

I understand you are upset and I guess we all sympathize with your frustration! However, you only provided a fraction of the info required for efficient debugging. Please explain in clear terms what works and what does not. Conf files are also always helpful. Additional information on your setup such as firewall, … do not do any harm.

Hello!

Thank you for your support and sorry if I were upset!

I did so many try! I will focus on the last one.

I install Raspbian on a Raspberry Pi 4:

Distributor ID: Raspbian
Description: Raspbian GNU/Linux 10 (buster)
Release: 10
Codename: buster

I install mariadb-server (via apt) and I downloaded Seafile from Github (seafile-server-7.1.5-buster-armv7.tar.gz).

I did some modification:

  • Install python3-pil and python3-crypto via apt
  • Remove PIL and Pillow-7.1.2.dist-info/ folders from seahub/thirdpart/

I launched the setup-seafile-mysql.sh and followed the process. Everything was fine, with no issue.

I edit conf/gunicorn.conf.py to add my local IP because it listen on 127.0.0.1 by default.

I started seafile.sh successfully and seahub.sh successfully to (it asked me to create the admin user).

I configured a new entry on my Nginx. For that, I take the example on https://seafile.readthedocs.io/en/latest/config/nginx/ and change the proxy_pass according the IP of my Raspberry.

I can log in successfully on my Seafile Server via WebUI via my reverse proxy. But I cannot do any admin change or use some features (eg. Create share link). I cannot edit the SERVICE_URL or the FILE_ SERVER_ROOT for example.

The error message is: {“detail”:“CSRF Failed: CSRF token missing or incorrect.”}

If I do the same locally (without http, eg http://10.x.x.x:8000), it works well and I can edit the admin page.

Once I edit SERVICE_URL or the FILE_SERVER_ROOT, I can connect with an Android phone and sync some folder (Edit: Worked with the Docker installation (see below), not working with the Raspberry installation as I don’t check right now).

I tried so many thing… I started with Docker, with the official image. Everything works fine except the modification on the admin WebUI and the feature (eg. Share), the exact same error message as the one I meet now with Raspberry.

A request seems like this:

  • Connection to https://myseafile.domain.com
  • Request is received by the Nginx reverse proxy
  • Nginx forward the request (TCP/443) to the Seafile server (TCP/8000) (Raspberry)

When writing this line, maybe I should setup HTTPS on the Seafile Server but I honestly doubt because when I tried with Docker, HTTPS was configured on the Seafile Docker:

  • Connection to https://myseafile.domain.com
  • Request is received by the Nginx reverse proxy
  • Nginx forward the request (TCP/443) to the Seafile server (TCP/443) (Docker)
  • Seafile (Docker) use Nginx to forward the request TCP/443 to 127.0.0.1:8000

Which give the same behaviour… (I also tried to change the Seafile Nginx configuration without success, I always had the CSRF issue).

Hope it’s more clear. I can give parts of my configuration but there is nothing special. Install is done from scratch but don’t hesitate if you need more details!

Thanks a lot!

Reed

Edit: I also tried to disable the CSRF check by commenting django.middleware.csrf.CsrfViewMiddleware without success.

Hello,

Sorry for the late reply but I have recently had the same headaches with the same CSRF errors…
Once I had changed SERVICE_URL and FILE_SERVER_ROOT from Seahub to the right values, the problem was over.
If you put :

Does it make any difference for you ?

1 Like