docker icon indicating copy to clipboard operation
docker copied to clipboard
verified publisher icon wger-project

CSRF Issue updated config/prod.env

Open tmania1216 opened this issue 4 months ago • 2 comments

After having this issue when trying to login, I fixed the config/prod.env as stated in documentation, for some background I'm using the docker repo, and zerotrust tunnel from cloudflare I updated the config for my domain, and local host ip. I also tried just https://localhost, https://localhost:80 and Im still getting the same issue any help would be greatly appreciated

tmania1216 avatar Aug 15 '25 03:08 tmania1216

hi! You mean you've tried the DJANGO_DEBUG "trick"? Usually accessing the app from the different locations (ip, domain, ext) adding the origins does the trick. Can you post the (redacted) value of CSRF_TRUSTED_ORIGINS just in case?

rolandgeider avatar Aug 15 '25 12:08 rolandgeider

Hi, I too am having the 'CSRF' issue on a fresh docker install. DJANGO_DEBUG does indeed show me the expected origin url, which I have placed verbatim in CSRF_TRUSTED_ORIGINS and restarted (several times).

I am trying to run wger on a private network for a few people only, so it is set up on a private IP address on an internal headless server, and HTTP (no S). There is no reverse proxy in front of wger at the moment -- I am trying to keep this simple for limited private use.

Here is my redacted prod.env section: CSRF_TRUSTED_ORIGINS=http://10.xxx.xxx.xxx:8888

I have added this override file, as described in the manual:

services:
  nginx:
    ports: !override
      - "8888:80"

I have also tried setting X_FORWARDED_PROTO_HEADER_SET=True either with, or without CSRF update, but no success.

Would really appreciate any help or advice. Thanks

cwynd avatar Aug 16 '25 19:08 cwynd