Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF-Error with Docker Desktop #786

Closed
3 of 14 tasks
SchinkTasia opened this issue May 31, 2024 · 11 comments
Closed
3 of 14 tasks

CSRF-Error with Docker Desktop #786

SchinkTasia opened this issue May 31, 2024 · 11 comments
Labels
docker fix Fix something that isn't working as expected

Comments

@SchinkTasia
Copy link

SchinkTasia commented May 31, 2024
edited
Loading

Describe the bug

Hi, I currently use the docker-compose.yml which is linked in the self-host documentation with the Docker Desktop Windows Software. I can´t log into the Admin panel with the http://127.0.0.1:42110 adress, because i got the "CSRF verification failed. Request aborted.". I try to add my IP to the docker-compose as environment var and disable the SSL with "KHOJ_NO_SSL="True"", and i tried "KHOJ_NO_HTTPS="True"" because in the settings.py its searching for this.

A few days ago it worked and than not anymore. i currently tried 2 different computer with the docker and non-docker installation, but each time i got the same result. When i try to connect with a custom domain from another pc i cant log in because "my credentials are wrong".

To Reproduce

I really dont know, how to reproduce this issue.

Screenshots

image

Platform

  • Server:
    • Cloud-Hosted (https://app.khoj.dev)
    • Self-Hosted Docker
    • Self-Hosted Python package
    • Self-Hosted source code
  • Client:
    • Obsidian
    • Emacs
    • Desktop app
    • Web browser
    • WhatsApp
  • OS:
    • Windows
    • macOS
    • Linux
    • Android
    • iOS

If self-hosted

  • Server Version [e.g. 1.0.1]: Khoj v1.12.1

More information

I set the environment variable KHOJ_DEBUG=True in the docker-compose.yml, but i only get one line as repsonse when i try to login which says, that someone connected. So this isn´t sadly usefully for me, currently.
@SchinkTasia SchinkTasia added the fix Fix something that isn't working as expected label May 31, 2024
@debanjum
Copy link
Member

debanjum commented Jun 1, 2024

Can you check if you can access the admin panel from localhost:42110 address instead?

@SchinkTasia
Copy link
Author

Can you check if you can access the admin panel from localhost:42110 address instead?

Hey,
I Guess i tried that and it doesnt changed much. I will try that again today. Just to be Sure.

@sabaimran
Copy link
Member

Hey @SchinkTasia , do you mind sharing the docker-compose.yml you're using? And let me know what happens when you try accessing from http://localhost:42110.

I made a small update here to the docker compose that would be worth trying: 6d10f98

@SchinkTasia
Copy link
Author

SchinkTasia commented Jun 2, 2024
edited
Loading

Hey @SchinkTasia , do you mind sharing the docker-compose.yml you're using? And let me know what happens when you try accessing from http://localhost:42110.

I made a small update here to the docker compose that would be worth trying: 6d10f98

Hi,
So i tried to connect via localhost. (in this example i keeped the settings like in the original docker-compose, just to check the functionality. I will definitiv change the user and secret) But i only get a "Please enter the correct username and password".
image

When i connect over 192.168.1.4 i got the following:
image

Following my docker-compose.yml (like i said, when i can login, i will change the login data. but even when i change it, it will be no difference at the moment.)

version: "3.9"
services:
database:
image: ankane/pgvector
ports:
- "5432:5432"
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
volumes:
- khoj_db:/var/lib/postgresql/data/
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 30s
timeout: 10s
retries: 5
server:
depends_on:
database:
condition: service_healthy
ports:
- "42110:42110"
working_dir: /app
volumes:
- khoj_config:/root/.khoj/
- khoj_models:/root/.cache/torch/sentence_transformers
environment:
- POSTGRES_DB=postgres
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
- POSTGRES_HOST=database
- POSTGRES_PORT=5432
- KHOJ_NO_HTTPS="True"
- KHOJ_DOMAIN=192.168.1.4
- KHOJ_DJANGO_SECRET_KEY=secret
- KHOJ_DEBUG=True
- KHOJ_ADMIN_EMAIL=username@example.com
- KHOJ_ADMIN_PASSWORD=Password
command: --host="0.0.0.0" --port=42110 -vv --anonymous-mode

volumes:
khoj_config:
khoj_db:
khoj_models:

When you need something else, just tell me.

Update
I cant reproduce the error. Now i got eacht time i try to connect (with 127.0.0.1, localhost and 192.168.1.4) i got the "Please enter the correct username and password for a staff account. Note that both fields may be case-sensitive."-Message. I tried to delete both docker containers and create them from scratch and changing the credentials. Nothing works.

Console Output from khoji server:

[01:28:48.586914] INFO uvicorn.access: httptools_impl.py:437
2024-06-02 03:28:48 172.25.0.1:40942 - "POST
2024-06-02 03:28:48 /server/admin/login/?next=/serv
2024-06-02 03:28:48 er/admin/ HTTP/1.1" 200

And yeah, i got the normal frontend:
image

@SchinkTasia
Copy link
Author

Update
I tried the docker container on a different laptop with an OpenSuse Tumbleweed OS.
On this plattform everythings works fine, but sadly i cant use it, because the CPU and GPU are not powerfull enough.
And i cant change the OS of my current Windows 10 Computer.

@IMJONEZZ
Copy link

IMJONEZZ commented Jun 3, 2024
edited
Loading

I am also getting CSRF verification failures with self-hosted on Firefox on Ubuntu. It's the exact same 403, and I've checked and it seems the site doesn't ever set a cookie, even with all security turned off. Would love a fix to actually make this usable.

@debanjum
Copy link
Member

There seem to be multiple different issues being discussed here.

  1. CSRF verification error: This seems to have resolved when @SchinkTasia used localhost:42110 after Saba's fix in 6d10f98
  2. Django admin username, password are showing up as invalid. @SchinkTasia this is only happening on a Windows 10 machine (and not OpenSuse) for you?

@IMJONEZZ, are you hitting 1. or 2. (or both!)? And is this happening even after you try with localhost:42110 instead of 127.0.0.1:421100?

@IMJONEZZ
Copy link

IMJONEZZ commented Jun 13, 2024 via email

@mingLvft
Copy link

mee to

@satisl
Copy link

satisl commented Jun 15, 2024

same csrf error

@debanjum debanjum added docker fix Fix something that isn't working as expected and removed fix Fix something that isn't working as expected labels Sep 18, 2024
@debanjum
Copy link
Member

debanjum commented Sep 21, 2024
edited
Loading

Hi folks, I was able to verify that the latest Khoj run on Windows (11) + WSL2 + Docker (with WSL2 backend) does not hit the CSRF issue when accessing the admin panel at http://localhost:42110/server/admin or http://<i.p>:42110/server/admin.

When trying to access Khoj admin panel over an i.p or domain you need to ensure the environment variable KHOJ_DOMAIN=<your_i.p> in your docker-compose.yml is (correctly) set and uncommented. See the new Remote Access Doc and the updated Self Hosting Setup Docs. I've also simplified the Docker setup in #919, so configuring Khoj via the admin panel isn't necessary to get started with using self hosted Khoj

Let us know if you're still hitting the issue, where/how you're running Khoj and client or server console logs to help debug this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docker fix Fix something that isn't working as expected
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@debanjum @SchinkTasia @IMJONEZZ @mingLvft @sabaimran @satisl