[GH-ISSUE #1451] v0.8.1 CSRF errors when trying to submit POST requests #864

Closed
opened 2026-03-01 14:46:53 +03:00 by kerem · 8 comments

Originally created by @ethitter on GitHub (Jun 7, 2024).
Original GitHub issue: https://github.com/ArchiveBox/ArchiveBox/issues/1451

Describe the bug

Attempting to generate an API key triggers an error, both via admin UI and API endpoint.

Steps to reproduce

Admin UI:

  1. Navigate to /admin/api/apitoken/add/
  2. Fill in the fields, click "Save"
  3. Expect API key to save, but instead receive 500 error

API:

  1. Make POST request to /api/v1/auth/get_api_token, passing valid user credentials in request body
  2. Expect token to be returned, but instead receive 503 error

Screenshots or log output

Admin UI:

Internal Server Error: /admin/api/apitoken/add/
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
               ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/contrib/admin/options.py", line 716, in wrapper
    return self.admin_site.admin_view(view)(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/utils/decorators.py", line 188, in _view_wrapper
    result = _process_exception(request, e)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/utils/decorators.py", line 186, in _view_wrapper
    response = view_func(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/views/decorators/cache.py", line 80, in _view_wrapper
    response = view_func(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/contrib/admin/sites.py", line 240, in inner
    return view(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/contrib/admin/options.py", line 1945, in add_view
    return self.changeform_view(request, None, form_url, extra_context)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/utils/decorators.py", line 48, in _wrapper
    return bound_method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/utils/decorators.py", line 188, in _view_wrapper
    result = _process_exception(request, e)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/utils/decorators.py", line 186, in _view_wrapper
    response = view_func(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/contrib/admin/options.py", line 1804, in changeform_view
    return self._changeform_view(request, object_id, form_url, extra_context)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/contrib/admin/options.py", line 1855, in _changeform_view
    self.save_model(request, new_object, form, not add)
  File "/usr/local/lib/python3.11/site-packages/django/contrib/admin/options.py", line 1259, in save_model
    obj.save()
  File "/app/archivebox/abid_utils/models.py", line 86, in save
    self.abid = self.get_abid()
                ^^^^^^^^^^^^^^^
  File "/app/archivebox/abid_utils/models.py", line 107, in get_abid
    prefix, ts, uri, subtype, rand = self.abid_values.values()
                                     ^^^^^^^^^^^^^^^^
  File "/app/archivebox/abid_utils/models.py", line 99, in abid_values
    'subtype': eval(self.abid_subtype_src),
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<string>", line 1, in <module>
AttributeError: 'APIToken' object has no attribute 'user_id'
"POST /admin/api/apitoken/add/ HTTP/1.1" 500 145

API:

{
  "succeeded": false,
  "message": "FieldError: Cannot resolve keyword 'user' into field. Choices are: abid, created, created_by, created_by_id, expires, id, modified, token, uuid",
  "errors": [
    "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.11/site-packages/ninja/operation.py\", line 107, in run\n    result = self.view_func(request, **values)\n             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/app/archivebox/api/v1_auth.py\", line 30, in get_api_token\n    api_token, created = APIToken.objects.get_or_create(user=user)\n                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/manager.py\", line 87, in manager_method\n    return getattr(self.get_queryset(), name)(*args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/query.py\", line 948, in get_or_create\n    return self.get(**kwargs), False\n           ^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/query.py\", line 635, in get\n    clone = self._chain() if self.query.combinator else self.filter(*args, **kwargs)\n                                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/query.py\", line 1476, in filter\n    return self._filter_or_exclude(False, args, kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/query.py\", line 1494, in _filter_or_exclude\n    clone._filter_or_exclude_inplace(negate, args, kwargs)\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/query.py\", line 1501, in _filter_or_exclude_inplace\n    self._query.add_q(Q(*args, **kwargs))\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/sql/query.py\", line 1613, in add_q\n    clause, _ = self._add_q(q_object, self.used_aliases)\n                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/sql/query.py\", line 1645, in _add_q\n    child_clause, needed_inner = self.build_filter(\n                                 ^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/sql/query.py\", line 1495, in build_filter\n    lookups, parts, reffed_expression = self.solve_lookup_type(arg, summarize)\n                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/sql/query.py\", line 1307, in solve_lookup_type\n    _, field, _, lookup_parts = self.names_to_path(lookup_splitted, self.get_meta())\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.11/site-packages/django/db/models/sql/query.py\", line 1772, in names_to_path\n    raise FieldError(\ndjango.core.exceptions.FieldError: Cannot resolve keyword 'user' into field. Choices are: abid, created, created_by, created_by_id, expires, id, modified, token, uuid\n"
  ]
}

ArchiveBox version

0.8.1
ArchiveBox v0.8.1 COMMIT_HASH=ba14ee0 BUILD_TIME=2024-06-04 11:21:00 1717500060
IN_DOCKER=True IN_QEMU=False ARCH=x86_64 OS=Linux PLATFORM=Linux-6.1.84-99.169.amzn2023.x86_64-x86_64-with-glibc2.36 PYTHON=Cpython
FS_ATOMIC=True FS_REMOTE=True FS_USER=0:0 FS_PERMS=644
DEBUG=False IS_TTY=False TZ=UTC SEARCH_BACKEND=ripgrep LDAP=False

[i] Dependency versions:
 √  PYTHON_BINARY         v3.11.9         valid     /usr/local/bin/python3.11
 √  SQLITE_BINARY         v2.6.0          valid     /usr/local/lib/python3.11/sqlite3/dbapi2.py
 √  DJANGO_BINARY         v5.0.6          valid     /usr/local/lib/python3.11/site-packages/django/__init__.py
 √  ARCHIVEBOX_BINARY     v0.8.1          valid     /usr/local/bin/archivebox

 √  CURL_BINARY           v8.8.0          valid     /usr/bin/curl
 √  WGET_BINARY           v1.21.3         valid     /usr/bin/wget
 √  NODE_BINARY           v20.14.0        valid     /usr/bin/node
 √  SINGLEFILE_BINARY     v1.1.54         valid     /app/node_modules/single-file-cli/single-file
 √  READABILITY_BINARY    v0.0.11         valid     /app/node_modules/readability-extractor/readability-extractor
 √  MERCURY_BINARY        v1.0.0          valid     /app/node_modules/@postlight/parser/cli.js
 √  GIT_BINARY            v2.39.2         valid     /usr/bin/git
 √  YOUTUBEDL_BINARY      v2024.05.27     valid     /usr/local/bin/yt-dlp
 √  CHROME_BINARY         v125.0.6422.26  valid     /usr/bin/chromium-browser
 √  RIPGREP_BINARY        v13.0.0         valid     /usr/bin/rg

[i] Source-code locations:
 √  PACKAGE_DIR           31 files        valid     /app/archivebox
 √  TEMPLATES_DIR         3 files         valid     /app/archivebox/templates

[i] Data locations:
 √  OUTPUT_DIR            6 files @       valid     /data
 √  CONFIG_FILE           136.0 Bytes     valid     ./ArchiveBox.conf
 √  SQL_INDEX             936.0 KB        valid     ./index.sqlite3
 √  ARCHIVE_DIR           27 files        valid     ./archive
 √  SOURCES_DIR           12 files        valid     ./sources
 √  LOGS_DIR              1 files         valid     ./logs
 X  CACHE_DIR             missing         invalid   ./cache
 X  CUSTOM_TEMPLATES_DIR  missing         invalid   ./templates
 X  PERSONAS_DIR          missing         invalid   ./personas

kerem closed this issue 2026-03-01 14:46:53 +03:00

@topperge commented on GitHub (Jun 10, 2024):

Just adding a comment that I'm getting the same problem with the same errors


@pirate commented on GitHub (Jun 10, 2024):

Sorry guys :dev is under heavy active work right now, might be broken a bit as I work on the new schemas. Stick with the tagged :0.8.0-rc or :stable for now.


@Write commented on GitHub (Aug 30, 2024):

> Sorry guys `:dev` is under heavy active work right now, might be broken a bit as I work on the new schemas. Stick with the tagged `:0.8.0-rc` or `:stable` for now.

I can't seem to find any 0.8.x tag available and the /admin/api/apitoken/add/ endpoint doesn't seem to exist in :stable? Or maybe I'm just doing something wrong.


@pirate commented on GitHub (Aug 30, 2024):

:dev was updated yesterday, it's still under active development but should be able to pull and run it now! Just make sure to back up any existing data before updating.

I'll also push a :0.8.2-rc tag (equivalent to :dev) right now.


@Write commented on GitHub (Aug 30, 2024):

Thanks it works now.

I still can't use the API endpoint but I'm guessing that's because it's in heavy development.

It doesn't matter if I add the API key either as "token" in the header or in the body of the request I always get
{"detail": "CSRF check Failed"}%

curl -X 'POST' \
  'https://myarchivebox/api/v1/cli/add' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'token: redacted' \
  -d '{
  "urls": [
    "string"
  ],
  "token": "redacted",
  "tag": "",
  "depth": 0,
  "update": false,
  "update_all": false,
  "index_only": false,
  "overwrite": false,
  "init": false,
  "extractors": "",
  "parser": "auto"
}'

Upon reading this : https://github.com/ArchiveBox/ArchiveBox/blob/dev/archivebox/api/auth.py

I also tried adding ?api_key as param and also adding X-ArchiveBox-API-Key as header to no avail.

Another thing: weirdly, you can't use ALLOWED_HOSTS=* as adding an API key via the admin panel will throw a CSRF error. Manually adding your host makes it work fine. I recommend adding yourhost,localhost to allow the healthcheck to work.


@pirate commented on GitHub (Aug 31, 2024):

You need to set CSRF_TRUSTED_ORIGINS=https://archivebox.example.com (CSRF_TRUSTED_ORIGINS=http://localhost & 127.0.01 are auto included in v0.8.2). It's a new stricter requirement in Django >=v4.0, they don't allow * anymore. The docs will be updated to mention this when v0.8 is released, I'm also creating a new dedicated docs page for the REST API.

https://github.com/ArchiveBox/ArchiveBox/pull/1498/files#diff-b627cf6681c8f031fa16213db7f26ff256144856eea7c614691c357728317dc6R100

https://docs.djangoproject.com/en/5.1/ref/csrf/

Also you should pull 0.8.2, 0.8.1 is already far behind the latest build 😁
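
The `CSRF_TRUSTED_ORIGINS` requirement described in the comment above, as an added example that is not part of the thread and not Django's or ArchiveBox's code: a simplified stdlib model of the Django >= 4.0 origin check, showing which setting values can match a browser's `Origin` header. The function names, the extra lint rules and the TLS-terminating-proxy scenario (`is_secure=False`) are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def lint_trusted_origins(entries):
    """Return {entry: problem} for CSRF_TRUSTED_ORIGINS values that cannot work."""
    problems = {}
    for entry in entries:
        if "://" not in entry:
            # Django >= 4.0 rejects entries without a scheme, so "*" or a bare
            # hostname is refused instead of acting as a catch-all.
            problems[entry] = "missing scheme (use https://host)"
            continue
        parts = urlsplit(entry)
        if parts.path or parts.query or parts.fragment:
            # Extra lint (not a Django check): Origin is scheme://host[:port] only,
            # so an entry with a trailing slash or path never matches.
            problems[entry] = "has a path or query; an Origin header never carries one"
        elif "*" in parts.netloc and not parts.netloc.startswith("*."):
            # Extra lint: only a leading "*." gives subdomain matching.
            problems[entry] = "wildcard is only useful as a leading '*.'"
    return problems


def _same_domain(host, pattern):
    """Exact host match, or suffix match when the pattern starts with a dot."""
    if not pattern:
        return False
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def origin_is_trusted(origin, host_header, is_secure, trusted):
    """Model of the decision made for a POST that carries an Origin header."""
    # 1. Same-origin as Django sees it: scheme comes from the connection to Django.
    own_origin = f"{'https' if is_secure else 'http'}://{host_header}"
    if origin == own_origin:
        return True
    # 2. Exact string match against non-wildcard entries.
    if origin in {t for t in trusted if "*" not in t}:
        return True
    # 3. Wildcard entries: same scheme, then subdomain match on the host part.
    parsed = urlsplit(origin)
    for entry in trusted:
        if "*" not in entry:
            continue
        allowed = urlsplit(entry)
        if allowed.scheme == parsed.scheme and _same_domain(
            parsed.netloc, allowed.netloc.lstrip("*")
        ):
            return True
    return False


if __name__ == "__main__":
    # Constructed scenario: browser talks HTTPS to a proxy, Django receives HTTP.
    origin, host = "https://archivebox.example.com", "archivebox.example.com"
    for setting in ([], ["*"], ["https://archivebox.example.com"], ["https://*.example.com"]):
        print(setting, "->", origin_is_trusted(origin, host, False, setting))
    print(lint_trusted_origins(["*", "archivebox.example.com", "https://archivebox.example.com/"]))
```
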


@Write commented on GitHub (Aug 31, 2024):

Thanks for your fast reply.

I'm on 0.8.2-rc indeed, I still can't get API to accept my domain, even after adding CSRF_TRUSTED_ORIGINS

archivebox  | Forbidden (CSRF cookie not set.): /api/v1/cli/add
archivebox  | Forbidden: /api/v1/cli/add
archivebox  | "POST /api/v1/cli/add HTTP/1.1" 403 31

@pirate commented on GitHub (Sep 6, 2024):

I made a lot of changes to the auth and CSRF in the latest v0.8.3-rc pre-release.

Can you give it a try? https://github.com/ArchiveBox/ArchiveBox/releases/tag/v0.8.3-rc

The API endpoints are now CSRF exempt, but as a result they also don't accept cookies, you have to add a Bearer/auth header or query parameter to use the API. (the /api/v1/docs endpoint explains how)

Comment back if you still encounter any trouble and I'll reopen the ticket!
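
The trade-off described in the comment above, as an added sketch that is not ArchiveBox's code: an endpoint can safely skip CSRF checks only if it never authenticates from credentials the browser attaches on its own, so the token must arrive in a header or parameter the caller sets explicitly. The header and parameter names are the ones quoted earlier in this thread; the lookup order, the function names and the token store are assumptions.

```python
import hmac

API_KEY_HEADER = "X-ArchiveBox-API-Key"  # header name quoted in the thread
API_KEY_PARAM = "api_key"                # query parameter quoted in the thread


def extract_api_token(headers, query):
    """Pull a token from explicit request fields only (assumed lookup order)."""
    lowered = {name.lower(): value for name, value in headers.items()}
    scheme, _, value = lowered.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        return value.strip()
    if lowered.get(API_KEY_HEADER.lower()):
        return lowered[API_KEY_HEADER.lower()]
    # Query-string tokens work but end up in access logs and browser history;
    # prefer a header where the client allows it.
    return query.get(API_KEY_PARAM) or None


def authenticate_api_request(headers, query, cookies, valid_tokens):
    """Return the user name for a valid token, else None.

    `cookies` is accepted and deliberately ignored: a cross-site form POST
    carries the victim's session cookie automatically, but it cannot add an
    Authorization or X-ArchiveBox-API-Key header, which is what makes the
    CSRF exemption safe.
    """
    token = extract_api_token(headers, query)
    if token is None:
        return None
    for user, stored in valid_tokens.items():
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(token.encode(), stored.encode()):
            return user
    return None


if __name__ == "__main__":
    tokens = {"admin": "constructed-token-123"}  # constructed sample value
    session = {"sessionid": "constructed-session"}
    print(authenticate_api_request({}, {}, session, tokens))
    print(authenticate_api_request(
        {"Authorization": "Bearer constructed-token-123"}, {}, {}, tokens))
```
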
