[GH-ISSUE #165] CSRF verification failed.

kerem commented

2026-02-27 15:57:22 +03:00

Owner

Originally created by @honza801 on GitHub (Jul 26, 2018).
Original GitHub issue: https://github.com/retspen/webvirtcloud/issues/165

hi,

are there required any changes to csrf configration? seems it stopped working with django 1.11.

submitting clone ends with

Forbidden (403)
CSRF verification failed. Request aborted.

fous

Originally created by @honza801 on GitHub (Jul 26, 2018). Original GitHub issue: https://github.com/retspen/webvirtcloud/issues/165 hi, are there required any changes to csrf configration? seems it stopped working with django 1.11. submitting clone ends with Forbidden (403) CSRF verification failed. Request aborted. fous

kerem commented

2026-02-27 15:57:23 +03:00

Author

Owner

@catborise commented on GitHub (Jul 27, 2018):

i think it is must for 1.11 forms.

i check the code one form does not contain csrf statement.
it is instances/create_inst_block.html

is this html related with your problem?

@catborise commented on GitHub (Jul 27, 2018): i think it is must for 1.11 forms. i check the code one form does not contain csrf statement. it is instances/create_inst_block.html is this html related with your problem?

kerem commented

2026-02-27 15:57:23 +03:00

Author

Owner

@honza801 commented on GitHub (Jul 27, 2018):

no, i'm experiencing problem during instance cloning

instances/templates/instance.html

csrf token is present, but the error appers.

@honza801 commented on GitHub (Jul 27, 2018): no, i'm experiencing problem during instance cloning instances/templates/instance.html csrf token is present, but the error appers.

kerem commented

2026-02-27 15:57:23 +03:00

Author

Owner

@catborise commented on GitHub (Jul 27, 2018):

i have tried now. there is not any glitch. it is cloned properly.
could you try my branch ?
some changes haven't applied yet to retspen.

@catborise commented on GitHub (Jul 27, 2018): i have tried now. there is not any glitch. it is cloned properly. could you try my branch ? some changes haven't applied yet to retspen.

kerem commented

2026-02-27 15:57:23 +03:00

Author

Owner

@honza801 commented on GitHub (Jul 27, 2018):

i've just checked your branch and cant find any csrf related stuff.

how does your webvirtcloud/settings.py looks like? does it contain

MIDDLEWARE =(
...
'django.middleware.csrf.CsrfViewMiddleware',
...)

?

can you send this file? (without keys)

thanks
jan

@honza801 commented on GitHub (Jul 27, 2018): i've just checked your branch and cant find any csrf related stuff. how does your <code>webvirtcloud/settings.py</code> looks like? does it contain ``` MIDDLEWARE =( ... 'django.middleware.csrf.CsrfViewMiddleware', ...) ``` ? can you send this file? (without keys) thanks jan

kerem commented

2026-02-27 15:57:23 +03:00

Author

Owner

@catborise commented on GitHub (Jul 27, 2018):

Django settings for webvirtcloud project.

"""

import os
BASE_DIR = os.path.dirname(os.path.dirname(__file__))

SECRET_KEY = ''

DEBUG = True

ALLOWED_HOSTS = ['*']

INSTALLED_APPS = (
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'computes',
    'console',
    'networks',
    'storages',
    'interfaces',
    'instances',
    'secrets',
    'logs',
    'accounts',
    'create',
    'datasource',
)

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.RemoteUserMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    #'django.contrib.auth.backends.RemoteUserBackend',
    #'accounts.backends.MyRemoteUserBackend',
)

LOGIN_URL = '/accounts/login'

ROOT_URLCONF = 'webvirtcloud.urls'

WSGI_APPLICATION = 'webvirtcloud.wsgi.application'

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
    }
}

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True

STATIC_URL = '/static/'

STATICFILES_DIRS = (
    os.path.join(BASE_DIR, "static"),
)

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [ os.path.join(BASE_DIR, 'templates'), ],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    }
]

## WebVirtCloud settings

# Wobsock port
WS_PORT = 6080

# Websock host
WS_HOST = '0.0.0.0'

# Websock public port
WS_PUBLIC_HOST = None

# Websock SSL connection
WS_CERT = None

# list of console types
QEMU_CONSOLE_TYPES = ['vnc', 'spice']

# default console type
QEMU_CONSOLE_DEFAULT_TYPE = 'vnc'

# list of console listen addresses
QEMU_CONSOLE_LISTEN_ADDRESSES = (
    ('127.0.0.1', 'Localhost'),
    ('0.0.0.0', 'All interfaces'),
)

# list taken from http://qemu.weilnetz.de/qemu-doc.html#sec_005finvocation
QEMU_KEYMAPS = ['ar', 'da', 'de', 'de-ch', 'en-gb', 'en-us', 'es', 'et', 'fi',
                'fo', 'fr', 'fr-be', 'fr-ca', 'fr-ch', 'hr', 'hu', 'is', 'it',
                'ja', 'lt', 'lv', 'mk', 'nl', 'nl-be', 'no', 'pl', 'pt',
                'pt-br', 'ru', 'sl', 'sv', 'th', 'tr']

# keepalive interval and count for libvirt connections
LIBVIRT_KEEPALIVE_INTERVAL = 5
LIBVIRT_KEEPALIVE_COUNT = 5

ALLOW_INSTANCE_MULTIPLE_OWNER = True
NEW_USER_DEFAULT_INSTANCES = []
CLONE_INSTANCE_DEFAULT_PREFIX = 'instance'
LOGS_PER_PAGE = 100
QUOTA_DEBUG = True
ALLOW_EMPTY_PASSWORD = True
SHOW_ACCESS_ROOT_PASSWORD = False
SHOW_ACCESS_SSH_KEYS = False
SHOW_PROFILE_EDIT_PASSWORD = False

# available: default (grid), list
VIEW_ACCOUNTS_STYLE = 'grid'

INSTANCE_VOLUME_DEFAULT_FORMAT = 'qcow2'
INSTANCE_VOLUME_DEFAULT_BUS = 'virtio'
INSTANCE_VOLUME_DEFAULT_CACHE = 'directsync'

@catborise commented on GitHub (Jul 27, 2018): ```""" Django settings for webvirtcloud project. """ import os BASE_DIR = os.path.dirname(os.path.dirname(__file__)) SECRET_KEY = '' DEBUG = True ALLOWED_HOSTS = ['*'] INSTALLED_APPS = ( 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'computes', 'console', 'networks', 'storages', 'interfaces', 'instances', 'secrets', 'logs', 'accounts', 'create', 'datasource', ) MIDDLEWARE_CLASSES = ( 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.RemoteUserMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ) AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', #'django.contrib.auth.backends.RemoteUserBackend', #'accounts.backends.MyRemoteUserBackend', ) LOGIN_URL = '/accounts/login' ROOT_URLCONF = 'webvirtcloud.urls' WSGI_APPLICATION = 'webvirtcloud.wsgi.application' DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), } } LANGUAGE_CODE = 'en-us' TIME_ZONE = 'UTC' USE_I18N = True USE_L10N = True USE_TZ = True STATIC_URL = '/static/' STATICFILES_DIRS = ( os.path.join(BASE_DIR, "static"), ) TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [ os.path.join(BASE_DIR, 'templates'), ], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, } ] ## WebVirtCloud settings # Wobsock port WS_PORT = 6080 # Websock host WS_HOST = '0.0.0.0' # Websock public port WS_PUBLIC_HOST = None # Websock SSL connection WS_CERT = None # list of console types QEMU_CONSOLE_TYPES = ['vnc', 'spice'] # default console type QEMU_CONSOLE_DEFAULT_TYPE = 'vnc' # list of console listen addresses QEMU_CONSOLE_LISTEN_ADDRESSES = ( ('127.0.0.1', 'Localhost'), ('0.0.0.0', 'All interfaces'), ) # list taken from http://qemu.weilnetz.de/qemu-doc.html#sec_005finvocation QEMU_KEYMAPS = ['ar', 'da', 'de', 'de-ch', 'en-gb', 'en-us', 'es', 'et', 'fi', 'fo', 'fr', 'fr-be', 'fr-ca', 'fr-ch', 'hr', 'hu', 'is', 'it', 'ja', 'lt', 'lv', 'mk', 'nl', 'nl-be', 'no', 'pl', 'pt', 'pt-br', 'ru', 'sl', 'sv', 'th', 'tr'] # keepalive interval and count for libvirt connections LIBVIRT_KEEPALIVE_INTERVAL = 5 LIBVIRT_KEEPALIVE_COUNT = 5 ALLOW_INSTANCE_MULTIPLE_OWNER = True NEW_USER_DEFAULT_INSTANCES = [] CLONE_INSTANCE_DEFAULT_PREFIX = 'instance' LOGS_PER_PAGE = 100 QUOTA_DEBUG = True ALLOW_EMPTY_PASSWORD = True SHOW_ACCESS_ROOT_PASSWORD = False SHOW_ACCESS_SSH_KEYS = False SHOW_PROFILE_EDIT_PASSWORD = False # available: default (grid), list VIEW_ACCOUNTS_STYLE = 'grid' INSTANCE_VOLUME_DEFAULT_FORMAT = 'qcow2' INSTANCE_VOLUME_DEFAULT_BUS = 'virtio' INSTANCE_VOLUME_DEFAULT_CACHE = 'directsync' ```

kerem referenced this issue

2026-02-27 15:58:40 +03:00

[PR #112] [MERGED] Add an option to allow an user to change VNC settings #425

Rows
Columns

[GH-ISSUE #165] CSRF verification failed. #112