Seafile docker 403 CSRF error after logon

daedra01 · January 23, 2023, 11:53am

Hi everyone. After fresh docker install on ubuntu 22.10 i have 403 error " Forbidden (403) CSRF verification failed. Request aborted" what i do wrong? My yml below.

daedra01 · January 23, 2023, 11:53am

version: ‘2.0’
services:
db:
image: mariadb:10.5
container_name: seafile-mysql
environment:
- MYSQL_ROOT_PASSWORD=PASSWORD # Requested, set the root’s password of MySQL service.
- MYSQL_LOG_CONSOLE=true
volumes:
- /opt/seafile-mysql/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store.
networks:
- seafile-net

memcached:
image: memcached:1.6
container_name: seafile-memcached
entrypoint: memcached -m 512
networks:
- seafile-net

seafile:
image: seafileltd/seafile-mc:latest
container_name: seafile
ports:
- “80:80”
- “443:443” # If https is enabled, cancel the comment.
volumes:
- /opt/seafile-data:/shared # Requested, specifies the path to Seafile data persistent store.
environment:
- DB_HOST=db
- DB_ROOT_PASSWD=PASSWORD # Requested, the value shuold be root’s password of MySQL service.
- TIME_ZONE=Europe/Moscow # Optional, default is UTC. Should be uncomment and set to your local time zone.
- SEAFILE_ADMIN_EMAIL=my@gmail.com # Specifies Seafile admin user, default is ‘me@example.com’.
- SEAFILE_ADMIN_PASSWORD=PASSWORD # Specifies Seafile admin password, default is ‘asecret’.
- SEAFILE_SERVER_LETSENCRYPT=true # Whether to use https or not.
- SEAFILE_SERVER_HOSTNAME=seafile.server.com # Specifies your host name if https is enabled.
depends_on:
- db
- memcached
networks:
- seafile-net

networks:
seafile-net:

Donald_Foss · September 14, 2023, 5:14pm

Hopefully you got this figured out. If not, it’s probably because of the inverse proxy going from HTTPS to HTTP, and it’s a DJango security thing to prevent cross origin/site attacks. To correct this, you need to find the right settings.py file (there are several) and add CSRF_TRUSTED_ORIGINS=[“your.host.name”] as it’s seen from the SSL side. See stackoverflow django-returning-csrf-verification-failed-request-aborted-behind-nginx-prox (sorry, it tells me no links allowed in the post) for more info, or where I got my info from to resolve this on my side. I initially set this under seahub, because I was getting it on the UI. Hopefully I won’t need it anywhere else.