Solved: 403 Forbidden after upgrade to 6.3.1


#1

After upgrading Seafile CE from 6.2.5 to 6.3.1 I can’t connect to the web interface any more. The browser shows this error message: "Forbidden (403) CSRF-verification failed."
This is what I found in seahub.log:
[WARNING] django.security.csrf:160 _reject Forbidden (Referer checking failed - https://mydomain.spdns.org/seafile/accounts/login/?next=/seafile/ does not match any trusted origins.): /seafile/accounts/login/
[WARNING] django.request:152 get_response Not Found: /seafile/api2/events/
Some information about my setup:

  • Seafile CE for Ubuntu
  • Nginx
  • non-root domain /seafile
  • https with let’s encrypt certificate

Where should I start investigating? Any help would be appreciated.


#3

Am I the only one facing this problem? In seahub_django_request.log I found this:

[WARNING] django.request:98 _reject Forbidden (CSRF token missing or incorrect.): /seafile/accounts/login/

Asking Google didn’t get me any useful information. After downgrading to 6.2.5 everything works as usual. Is this error related to Django or should I check my nginx config?


#4

Can you please post your seahub_setting.py and nginx config?


#5

Hi @Tjelfe

root@hiperborea /home/seafile/conf # cat seahub_settings.py
SECRET_KEY = "hasfhdsöoufhdsauöahgöusaihgöashuög"
##################################
# Deploy Seahub at Non-root domain
##################################
# This documentation will talk about how to deploy Seafile Web using Apache/Nginx
# at Non-root directory of the website(e.g., www.example.com/seafile/).
# Please note that the file server path will still be e.g. www.example.com/seafhttp
# (rather than www.example.com/seafile/seafhttp) because this path is hardcoded in the clients.
#
# non-root domain mandatory parameters:
# mostly forgotten parameter:
FILE_SERVER_ROOT = 'https://notimportant.de/seafhttp'
SERVE_STATIC = False
MEDIA_URL = '/seafmedia/'
COMPRESS_URL = MEDIA_URL
STATIC_URL = MEDIA_URL + 'assets/'
SITE_ROOT = '/seafile/'
# Since version 5.0.4 we need to define this as well:
LOGIN_URL = '/seafile/accounts/login/'               # tjelfe maybe this is missing ????
#
# Enable cloud mode and hide `Organization` tab.
CLOUD_MODE = True
#
#
# mail parameters:
EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = 'sldfjöldsafas@gmail.com'
EMAIL_HOST_PASSWORD = 'jdshöfahdfuhasöf'
EMAIL_PORT = 587
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER
#
#
# Define timezone
TIME_ZONE = 'Europe/Berlin'
#
# Online preview maximum file size, defaults to 30M.
# Note, this option controls files that can be previewed online, like pictures, txt, pdf.
# In pro edition, for preview doc/ppt/excel/pdf, there is another option `max-size`
# in seafevents.conf that controls the limit of files that can be previewed.
# set this to 3GB
FILE_PREVIEW_MAX_SIZE = 3000 * 1024 * 1024
#
# database parameters
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub-db',
        'USER': 'seafile',
        'PASSWORD': 'dsjöflsjfhsadfhas',
        'HOST': '/var/run/mysqld/mysqld.sock'
    }
}
# replaced 'HOST': '127.0.0.1' and 'PORT': '3306' by 'HOST': '/var/run/mysqld/mysqld.sock'
#
#
# define memcached:
# dependencies ...
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'unix:/var/run/memcached.sock'
    }
}
# replaced 'LOCATION': '127.0.0.1:11211' by 'LOCATION': 'unix:/media/usbfestplatte/memcached.sock'
# Seahub caches items (avatars, profiles, etc) on the file system in /tmp/seahub_cache/ by default. You can replace it with Memcached
#ENABLE_VIDEO_THUMBNAIL = true

# new on 25.09.2017
# Enable or disable thumbnails
# NOTE: since version 4.0.2
ENABLE_THUMBNAIL = True

# Seafile only generates thumbnails for images smaller than the following size.
THUMBNAIL_IMAGE_SIZE_LIMIT = 100 # MB

# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.
# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html
# NOTE: since version 6.1
#ENABLE_VIDEO_THUMBNAIL = True

# Use the frame at 10 second as thumbnail
#THUMBNAIL_VIDEO_FRAME_TIME = 10

# Absolute filesystem path to the directory that will hold thumbnail files.
#THUMBNAIL_ROOT = '/media/sda/seafile/videos/'

# Default size for picture preview. Enlarge this size can improve the preview quality.
# NOTE: since version 6.1.1
#THUMBNAIL_SIZE_FOR_ORIGINAL = 1024

# Enable Wiki
ENABLE_WIKI = True

#7

At last I found the solution. I had to replace
proxy_set_header Host $host:$server_port;
with
proxy_set_header Host $host;
in the nginx config.
Thanks for your hints.
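
Why the change in #7 clears the "Referer checking failed" warning, as an added example that is not part of the thread and is not Django's or Seafile's own code. It is a simplified model of a referer check that compares the Referer's host with the Host header the backend received; the function names and the port 443 (the HTTPS default that `$server_port` would expand to) are assumptions.

```python
from urllib.parse import urlparse


def is_same_domain(host, pattern):
    """Exact match, or subdomain match when the pattern starts with a dot."""
    if not pattern:
        return False
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def referer_accepted(host_header, referer, trusted_origins=()):
    """Model of the check behind the log line in #1.

    host_header     -- the Host value nginx forwards to the backend, verbatim
    referer         -- the Referer the browser sent with the login POST
    trusted_origins -- extra hosts to accept (the "trusted origins" in the log)
    """
    parsed = urlparse(referer)
    # Only https referers with a host part are considered at all.
    if parsed.scheme != "https" or not parsed.netloc:
        return False
    # The browser omits the default port, so netloc carries no ":443".
    good_hosts = list(trusted_origins) + [host_header]
    return any(is_same_domain(parsed.netloc, h) for h in good_hosts)


# Referer copied from the seahub.log line in #1.
REFERER = "https://mydomain.spdns.org/seafile/accounts/login/?next=/seafile/"


def demo():
    # proxy_set_header Host $host:$server_port;  -> backend sees "host:443"
    before = referer_accepted("mydomain.spdns.org:443", REFERER)
    # proxy_set_header Host $host;               -> backend sees the bare host
    after = referer_accepted("mydomain.spdns.org", REFERER)
    return before, after


if __name__ == "__main__":
    print(demo())
```

With the port appended, the string comparison fails even though both values name the same site, which is the mismatch the warning reports.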