Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scan history: CSRF error - <url> not in list of trusted origins #2522

Open
xofolowski opened this issue Sep 30, 2024 · 2 comments
Open

Scan history: CSRF error - <url> not in list of trusted origins #2522

xofolowski opened this issue Sep 30, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@xofolowski
Copy link

What happened

After setup, intelowl seems to be fully functional when being accessed through a fully qualified domain name via an external SSL enabled reverse proxy. However, on the /scan page, the frontend shows a CSRF error message in the scan history area, complaining about the URL I'm using to access intelowl not being contained in the list of trusted origins.

Environment

  1. OS: Debian 12.5
  2. IntelOwl version: 6.1.0

What did you expect to happen

Scan history should be displayed.

How to reproduce your issue

  • configure intelowl with a fully qualified domain name (INTELOWL_WEB_CLIENT_DOMAIN in env, server_name in nginx configuration files)
  • configure included nginx to serve app on port 80 via plain http; container connected to an additional external docker network
  • configure an already existing second nginx container on that external docker network to act as an SSL enabled reverse proxy for intelowl and multiple additional services
  • set HTTPS_ENABLED=True in environment

Error messages and logs

[CSRF Failed: Origin checking failed - https://<fqdn> does not match any trusted origins]

Potential Solution / Workaround

I was able to get around the issue by applying the following patch to intel_owl/settings/security.py and rebuilding the service:

diff --git a/intel_owl/settings/security.py b/intel_owl/settings/security.py
index e739d463..0e6b4f43 100644
--- a/intel_owl/settings/security.py
+++ b/intel_owl/settings/security.py
@@ -19,6 +19,7 @@ else:
     WEB_CLIENT_URL = f"http://{WEB_CLIENT_DOMAIN}"

 CSRF_COOKIE_SAMESITE = "Strict"
+CSRF_TRUSTED_ORIGINS = [f"{WEB_CLIENT_URL}"]

 if STAGE_LOCAL:
     # required to allow requests from port 3001 (frontend development)
@xofolowski xofolowski added the bug Something isn't working label Sep 30, 2024
@mlodic
Copy link
Member

mlodic commented Oct 18, 2024
edited
Loading

hey thanks for reporting! considering that you found the issue, would you like to open a little PR about that? so you can become an official contributor!

xofolowski added a commit to xofolowski/IntelOwl that referenced this issue Oct 22, 2024
@xofolowski
Proposed fix for issue intelowlproject#2522
b3c5482
@xofolowski xofolowski mentioned this issue Oct 22, 2024
Merged
23 tasks
@xofolowski
Copy link
Author

Hi, well, guess that was not a major contribution ;-)
I've created #2551
Apologies if anything is missing - I'm kind of a very basic git user and not yet that experienced with contributing to projects.

mlodic pushed a commit that referenced this issue Oct 23, 2024
@xofolowski
Proposed fix for issue #2522 (#2551)
d9b170f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xofolowski @mlodic