CSRF-Error with Docker Desktop

Open SchinkTasia opened this issue 1 year ago • 10 comments

Describe the bug

Hi, I currently use the docker-compose.yml which is linked in the self-host documentation with the Docker Desktop Windows software. I can't log into the admin panel with the http://127.0.0.1:42110 address, because I get "CSRF verification failed. Request aborted.". I tried to add my IP to the docker-compose as an environment variable and disable SSL with "KHOJ_NO_SSL="True"", and I tried "KHOJ_NO_HTTPS="True"" because settings.py is searching for this.

A few days ago it worked and then not anymore. I have currently tried 2 different computers with the Docker and non-Docker installation, but each time I got the same result. When I try to connect with a custom domain from another PC I can't log in because "my credentials are wrong".

To Reproduce

I really don't know how to reproduce this issue.

Screenshots

image

Platform

  • Server:
    • [ ] Cloud-Hosted (https://app.khoj.dev)
    • [X] Self-Hosted Docker
    • [ ] Self-Hosted Python package
    • [ ] Self-Hosted source code
  • Client:
    • [ ] Obsidian
    • [ ] Emacs
    • [ ] Desktop app
    • [X] Web browser
    • [ ] WhatsApp
  • OS:
    • [X] Windows
    • [ ] macOS
    • [ ] Linux
    • [ ] Android
    • [ ] iOS

If self-hosted

  • Server Version [e.g. 1.0.1]: Khoj v1.12.1

More information

I set the environment variable KHOJ_DEBUG=True in the docker-compose.yml, but I only get one line as a response when I try to log in, which says that someone connected. So sadly this isn't useful for me currently.

SchinkTasia avatar May 31 '24 13:05 SchinkTasia

Can you check if you can access the admin panel from localhost:42110 address instead?

debanjum avatar Jun 01 '24 13:06 debanjum

> Can you check if you can access the admin panel from localhost:42110 address instead?

Hey, I guess I tried that and it didn't change much. I will try that again today, just to be sure.

SchinkTasia avatar Jun 01 '24 13:06 SchinkTasia

Hey @SchinkTasia , do you mind sharing the docker-compose.yml you're using? And let me know what happens when you try accessing from http://localhost:42110.

I made a small update here to the docker compose that would be worth trying: https://github.com/khoj-ai/khoj/commit/6d10f98498fe8ca4c4c6f086e6f9b8e9b8aad420

sabaimran avatar Jun 01 '24 16:06 sabaimran

> Hey @SchinkTasia , do you mind sharing the docker-compose.yml you're using? And let me know what happens when you try accessing from http://localhost:42110.
>
> I made a small update here to the docker compose that would be worth trying: 6d10f98

Hi, so I tried to connect via localhost. (In this example I kept the settings like in the original docker-compose, just to check the functionality. I will definitely change the user and secret.) But I only get a "Please enter the correct username and password". image

When I connect over 192.168.1.4 I get the following: image

Following is my docker-compose.yml (like I said, when I can log in, I will change the login data, but even when I change it, it makes no difference at the moment).

```yaml
version: "3.9"
services:
  database:
    image: ankane/pgvector
    ports:
      - "5432:5432"
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: postgres
    volumes:
      - khoj_db:/var/lib/postgresql/data/
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 30s
      timeout: 10s
      retries: 5
  server:
    depends_on:
      database:
        condition: service_healthy
    ports:
      - "42110:42110"
    working_dir: /app
    volumes:
      - khoj_config:/root/.khoj/
      - khoj_models:/root/.cache/torch/sentence_transformers
    environment:
      - POSTGRES_DB=postgres
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
      - POSTGRES_HOST=database
      - POSTGRES_PORT=5432
      - KHOJ_NO_HTTPS="True"
      - KHOJ_DOMAIN=192.168.1.4
      - KHOJ_DJANGO_SECRET_KEY=secret
      - KHOJ_DEBUG=True
      - [email protected]
      - KHOJ_ADMIN_PASSWORD=Password
    command: --host="0.0.0.0" --port=42110 -vv --anonymous-mode

volumes:
  khoj_config:
  khoj_db:
  khoj_models:
```

When you need something else, just tell me.

Update: I can't reproduce the error. Now each time I try to connect (with 127.0.0.1, localhost and 192.168.1.4) I get the "Please enter the correct username and password for a staff account. Note that both fields may be case-sensitive." message. I tried to delete both Docker containers and create them from scratch and changing the credentials. Nothing works.

Console output from the Khoj server:

```
2024-06-02 03:28:48 [01:28:48.586914] INFO uvicorn.access: 172.25.0.1:40942 - "POST /server/admin/login/?next=/server/admin/ HTTP/1.1" 200    httptools_impl.py:437
```

And yeah, I got the normal frontend: image

SchinkTasia avatar Jun 02 '24 00:06 SchinkTasia

Update: I tried the Docker container on a different laptop with an openSUSE Tumbleweed OS. On this platform everything works fine, but sadly I can't use it, because the CPU and GPU are not powerful enough. And I can't change the OS of my current Windows 10 computer.

SchinkTasia avatar Jun 03 '24 11:06 SchinkTasia

I am also getting CSRF verification failures with self-hosted on Firefox on Ubuntu. It's the exact same 403, and I've checked and it seems the site doesn't ever set a cookie, even with all security turned off. Would love a fix to actually make this usable.

IMJONEZZ avatar Jun 03 '24 17:06 IMJONEZZ

There seem to be multiple different issues being discussed here.

  1. CSRF verification error: This seems to have resolved when @SchinkTasia used localhost:42110 after Saba's fix in 6d10f98
  2. Django admin username, password are showing up as invalid. @SchinkTasia this is only happening on a Windows 10 machine (and not OpenSuse) for you?

@IMJONEZZ, are you hitting 1. or 2. (or both!)? And is this happening even after you try with localhost:42110 instead of 127.0.0.1:421100?

debanjum avatar Jun 13 '24 14:06 debanjum

I’m not sure which I’m hitting, because the error is a 403 connection, but the stack trace says CSRF verification error. For me it happens regardless of browser or port, I’ve confirmed it doesn’t work on chrome or port 42110 either.

On Thu, 13 Jun 2024 at 8:04, Debanjum @.***> wrote:

> There seem to be multiple different issues being discussed here.
>
>   1. CSRF verification error: This seems to have resolved when @SchinkTasia https://github.com/SchinkTasia used localhost:42110 after Saba's fix in 6d10f98 https://github.com/khoj-ai/khoj/commit/6d10f98498fe8ca4c4c6f086e6f9b8e9b8aad420
>   2. Django admin username, password are showing up as invalid. @SchinkTasia https://github.com/SchinkTasia this is only happening on a Windows 10 machine (and not OpenSuse) for you?
>
> @IMJONEZZ https://github.com/IMJONEZZ, are you hitting 1. or 2. (or both!)? And is this happening even after you try with localhost:42110 instead of 127.0.0.1:421100?


IMJONEZZ avatar Jun 13 '24 16:06 IMJONEZZ

me too

mingLvft avatar Jun 14 '24 05:06 mingLvft

same csrf error

satisl avatar Jun 15 '24 12:06 satisl

Hi folks, I was able to verify that the latest Khoj run on Windows (11) + WSL2 + Docker (with WSL2 backend) does not hit the CSRF issue when accessing the admin panel at http://localhost:42110/server/admin or http://<i.p>:42110/server/admin.

When trying to access Khoj admin panel over an i.p or domain you need to ensure the environment variable KHOJ_DOMAIN=<your_i.p> in your docker-compose.yml is (correctly) set and uncommented. See the new Remote Access Doc and the updated Self Hosting Setup Docs. I've also simplified the Docker setup in #919, so configuring Khoj via the admin panel isn't necessary to get started with using self hosted Khoj

Let us know if you're still hitting the issue, where/how you're running Khoj and client or server console logs to help debug this!

debanjum avatar Sep 21 '24 21:09 debanjum
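
Added example, not part of the thread and not Khoj or Django code: a simplified, standard-library re-implementation of the Origin check that Django's CSRF middleware applies to a POST such as the admin login, showing why the address typed into the browser has to match what the server is configured to trust. How Khoj turns `KHOJ_DOMAIN` into allowed hosts and trusted origins is an assumption here; `allow_lists` is a hypothetical helper and the requests are constructed.

```python
from urllib.parse import urlsplit


def host_allowed(host_header, allowed_hosts):
    """Host header, port stripped, must match an allowed host ('.x' covers subdomains)."""
    host = urlsplit("//" + host_header).hostname or ""
    return any(
        p == "*" or host == p or (p.startswith(".") and (host.endswith(p) or host == p[1:]))
        for p in allowed_hosts
    )


def origin_verified(origin, host_header, secure, allowed_hosts, trusted_origins):
    """Simplified form of the Origin check Django's CSRF middleware runs on a POST."""
    # 1. Same origin: Origin equals scheme://Host as the server sees the request.
    scheme = "https" if secure else "http"
    if host_allowed(host_header, allowed_hosts) and origin == f"{scheme}://{host_header}":
        return True
    # 2. Exact entry in the trusted-origin list.
    if origin in trusted_origins:
        return True
    # 3. Wildcard entries such as "https://*.example.com".
    got = urlsplit(origin)
    for trusted in trusted_origins:
        t_scheme, _, t_netloc = trusted.partition("://")
        if t_netloc.startswith("*.") and t_scheme == got.scheme:
            if got.netloc.endswith(t_netloc[1:]) or got.netloc == t_netloc[2:]:
                return True
    return False


def allow_lists(domain, port=42110, schemes=("http", "https")):
    """HYPOTHETICAL: how a server might derive its lists from a KHOJ_DOMAIN-style value."""
    hosts = ["localhost", "127.0.0.1", domain]
    return hosts, [f"{s}://{h}:{port}" for s in schemes for h in hosts]


if __name__ == "__main__":
    # Constructed requests: (Origin sent by the browser, Host header, domain configured)
    for origin, host, domain in [
        ("http://localhost:42110", "localhost:42110", "localhost"),
        ("http://192.168.1.4:42110", "192.168.1.4:42110", "localhost"),
        ("http://192.168.1.4:42110", "192.168.1.4:42110", "192.168.1.4"),
    ]:
        hosts, origins = allow_lists(domain)
        ok = origin_verified(origin, host, False, hosts, origins)
        print(f"domain={domain:<12} origin={origin:<26} -> {'accepted' if ok else '403 CSRF'}")
```

The same check also rejects a plain-HTTP login when the server treats the request as HTTPS and trusts only `https://` origins, which is the case to rule out when toggling an HTTPS-related setting.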