Django and Header Environment Variables CSRF_TRUSTED_ORIGINS not respected; CSRF error 403; X_FORWARDED_PROTO_HEADER_SET=True not respected either.

Open bobsdacool opened this issue 6 months ago • 1 comments

Priority/Impact

High (critical issue, blocks workflow)

Description

Hi. Hoping you can help with this issue.

I have set up wger running behind my reverse proxy Traefik using Docker Compose (Portainer).

I am running into issues whenever I try and log into an account though.

Whilst I have set DEBUG TRUE for Django, the error I am receiving is not tremendously helpful:

"Origin checking failed - null does not match any trusted origins."

I currently have the following environment parameters set

CSRF_TRUSTED_ORIGINS=https://wger.mydomain.com,wger.mydomain.com

and

X_FORWARDED_PROTO_HEADER_SET=True

Per the documentation, but these don't seem to be seen by Django, as I would expect the error to more effectively be something along the lines of https://wger.mydomain.com does not match any trusted origin...

I'm not sure how to troubleshoot.

No container provides any log errors aside from the base image's 403 error stating similarly.

Any help would be much appreciated.

Edit: Changing CSRF_TRUSTED_ORIGINS to "null" worked XD. This is still an issue though, right? It's supposed to be my domain name?

Edit: had to change to http://null,https://null to allow for download of exercises etc...

Server version

No response

Mobile app version

No response

bobsdacool avatar Jul 10 '25 14:07 bobsdacool

Hi! and sorry for the late reply.

Obviously setting the origins to "null" is not... the intended way 😓, but I think https://github.com/wger-project/docker/pull/139 will fix this.

rolandgeider avatar Nov 19 '25 16:11 rolandgeider
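
The rejection text quoted in the issue interpolates the Origin header the browser sent, not the configured CSRF_TRUSTED_ORIGINS value, and browsers send the literal string null for opaque origins or under a no-referrer policy. The following is an added example, not code from this thread, wger or Django: a simplified standard-library model of Django's origin check, with hypothetical function names and constructed inputs, showing why the configured domain never matches `null` and what trusting `null` accepts.

```python
from urllib.parse import urlsplit

REASON_BAD_ORIGIN = "Origin checking failed - %s does not match any trusted origins."


def parse_trusted(env_value):
    """Split a comma-separated CSRF_TRUSTED_ORIGINS value into a list."""
    return [item.strip() for item in env_value.split(",") if item.strip()]


def origin_verified(origin_header, host, secure, trusted):
    """Simplified model: same origin, exact trusted entry, or wildcard entry."""
    # 'secure' stands for request.is_secure(); behind a TLS-terminating proxy it
    # is only True when the application trusts the forwarded-proto header.
    if origin_header == f"{'https' if secure else 'http'}://{host}":
        return True
    if origin_header in {t for t in trusted if "*" not in t}:
        return True
    got = urlsplit(origin_header)
    for entry in (urlsplit(t) for t in trusted if "*" in t):
        suffix = entry.netloc.lstrip("*")  # "*.example.com" -> ".example.com"
        if got.scheme == entry.scheme and got.netloc.endswith(suffix):
            return True
    return False


def check(origin_header, host, secure, trusted):
    """Return None on success, else (rejection text, troubleshooting hint)."""
    if origin_verified(origin_header, host, secure, trusted):
        return None
    reason = REASON_BAD_ORIGIN % origin_header
    if origin_header == "null":
        hint = "browser sent an opaque origin; inspect Referrer-Policy and sandboxing, not the trusted list"
    else:
        hint = "add this exact scheme://host[:port] to the trusted list or fix the proxy headers"
    return reason, hint


if __name__ == "__main__":
    # Constructed inputs using the values quoted in the issue.
    trusted = parse_trusted("https://wger.mydomain.com,wger.mydomain.com")
    print(check("https://wger.mydomain.com", "wger.mydomain.com", False, trusted))
    print(check("null", "wger.mydomain.com", True, trusted))
    # Trusting the literal "null" accepts every request that carries Origin: null.
    print(check("null", "wger.mydomain.com", True, ["null"]))
```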