Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

unexpected behavior - adding CSRF_TRUSTED_ORIGINS = ["https://seafile.example.com"] to seahub_settings.py #2829

Open
popbangshwang opened this issue Sep 30, 2024 · 0 comments

Comments

@popbangshwang
Copy link

popbangshwang commented Sep 30, 2024

I have some unexpected behavior when adding CSRF_TRUSTED_ORIGINS = ["https://seafile.example.com"] to seahub_settings.py
I am adding this, based on this - #2707
I'm running traefik

After modifying seahub_settings.py I'm then able to access seafile through the proxy, however the top right menu for 'settings' etc is missing (labeled 'avatar' in the image below). However, if I bypass the proxy (with CSRF_TRUSTED_ORIGINS = ["https://seafile.example.com"] defined) - The menu is available.

Impact: Unable to logout, unable to perform admin tasks, unable manage user settings

Bypass proxy -:
image

Using proxy -:
image

This is my docker-compose.yml

services:
  db:
    image: mariadb:10.11
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=secretpassword  # Required, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - /opt/seafile/seafile-mysql/db:/var/lib/mysql  # Required, specifies the path to MySQL data persistent store.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - seafile-net
#      - traefik
  memcached:
    image: memcached:1.6.18
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
#      - traefik
  seafile:
    image: seafileltd/seafile-mc:11.0-latest
    container_name: seafile
    ports:
      - "8081:80"
#     - "443:443"  # If https is enabled, cancel the comment.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.seafile.rule=Host(`seafile.mydomain.xyz`)" # && (PathPrefix(`/login`))"
      - "traefik.http.routers.seafile.tls=true"
      - "traefik.http.routers.seafile.entrypoints=websecure"
      - "traefik.http.routers.seafile.tls.certresolver=myresolver"
      - "traefik.http.services.seafile.loadbalancer.server.port=80"
      - "traefik.docker.network=traefik"
    volumes:
      - /tragopan-share/seafile:/shared   # Required, specifies the path to Seafile data persistent store.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=secretpassword  # Required, the value should be root's password of MySQL service.
      - TIME_ZONE=Etc/UTC  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=admin@mydomain.xyz # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=secretpassword     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=turkey.local # Specifies your host name if https is enabled.
    depends_on:
      - db
      - memcached
    networks:
      - traefik
      - seafile-net

networks:
  seafile-net:
  traefik:
    external: true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant