Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF token #8439

Closed
1 of 7 tasks
Sube22 opened this issue Nov 6, 2024 · 3 comments
Closed
1 of 7 tasks

CSRF token #8439

Sube22 opened this issue Nov 6, 2024 · 3 comments
Labels
docker Docker / docker-compose question This is a question setup Relates to the InvenTree setup / installation process

Comments

@Sube22
Copy link

Sube22 commented Nov 6, 2024
edited
Loading

Deployment Method

  • Installer
  • Docker Development
  • Docker Production
  • Bare metal Development
  • Bare metal Production
  • Digital Ocean image
  • Other (please provide a link Steps to Reproduce

Describe the problem*

Hi!
My problem is that I can't log in and try as I might, I can't solve it.
I can't log in with the old UI, but I can with the new one. With the old one I get an "Authentication failure" in the log and "Forbidden (CSRF cookie not set.): /accounts/login/", but with the new platform I can log in.!
`# Site URL - update this to match your host

I run this behind traefik and I also use cloudflare proxy.
InvenTree version: 0.16.7

#INVENTREE_SITE_URL="http://localhost"
INVENTREE_SITE_URL="http://stock.domain.tld"

COMPOSE_PROJECT_NAME=inventree

INVENTREE_WEB_PORT=1020
INVENTREE_TAG=0.16.7
#INVENTREE_ALLOWED_HOSTS=localhost
#INVENTREE_ALLOWED_HOSTS=stock.domain.tld
#INVENTREE_ALLOWED_HOSTS=*
#INVENTREE_TRUSTED_ORIGINS=['http://localhost:1020', 'http://localhost']
INVENTREE_TRUSTED_ORIGINS='https://stock.domain.tld,https://domain.tld,http://localhost,http://localhost:1020,http://192.168.80.5,http://192.168.80.5:8000,http://inventree-server:8000'
#INVENTREE_TRUSTED_ORIGINS="https://stock.domain.tld"
#INVENTREE_CORS_ORIGIN_ALLOW_ALL=True
#INVENTREE_USE_X_FORWARDED_HOST=True
#INVENTREE_USE_X_FORWARDED_PORT=True
INVENTREE_CORS_ORIGIN_WHITELIST=https://stock.domain.tld`

Image

PS: In TRUSTED_ORIGINS => I added everything I tried

Steps to Reproduce

Setup Inventree in docker and after setup, unable to login

Relevant log output

Forbidden (CSRF cookie not set.): /accounts/login/
@Sube22 Sube22 added question This is a question setup Relates to the InvenTree setup / installation process triage:not-checked Item was not checked by the core team labels Nov 6, 2024
@SchrodingersGat
Copy link
Member

In the 0.16.7 release notes there is a breaking change which is likely related to this.

You should change the value of INVENTREE_COOKIE_SAMESITE - as per the changelog in the linked release. This should address the issue for you, I think.

@SchrodingersGat SchrodingersGat added docker Docker / docker-compose and removed triage:not-checked Item was not checked by the core team labels Nov 6, 2024
@Sube22
Copy link
Author

Sube22 commented Nov 6, 2024

Okay, you've solved in ~two seconds a problem that I've been struggling with for two days. Thank you very much @SchrodingersGat

@Sube22 Sube22 closed this as completed Nov 6, 2024
@SchrodingersGat
Copy link
Member

@Sube22 happy to help :) And make sure to read the release notes when you update ;)

@SchrodingersGat SchrodingersGat mentioned this issue Nov 6, 2024
Merged
@SchrodingersGat SchrodingersGat mentioned this issue Dec 4, 2024
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docker Docker / docker-compose question This is a question setup Relates to the InvenTree setup / installation process
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SchrodingersGat @Sube22