[GH-ISSUE #597] Forbidden (403) CSRF verification failed. Request aborted. #351

Closed
opened 2026-02-27 15:58:20 +03:00 by kerem · 7 comments

Originally created by @puffpants on GitHub (Sep 4, 2023).
Original GitHub issue: https://github.com/retspen/webvirtcloud/issues/597

After using the Quick Install with Installer on Debian 12, everything seems to install correctly and I am presented with the web interface; however, I get a "Forbidden (403) CSRF verification failed. Request aborted." when using the default credentials, admin:admin.
image
What logs or additional information would be needed to troubleshoot?

WEBVIRTCLOUD


  Welcome to Webvirtcloud Installer for RHEL&Alternatives, Fedora, Debian and Ubuntu!


	  WEBVIRTCLOUD


  Welcome to Webvirtcloud Installer for RHEL&Alternatives, Fedora, Debian and Ubuntu!

  The installer has detected Debian version 12 codename bookworm.
  Q. Do you want to configure fqdn for Nginx? (y/n) y
  Q. What is the FQDN of your server? (debian-host.intra.XXXXX.com):
	 Setting to debian-host.intra.XXXXX.com

  Q. NOVNC service port number?(Default: 6080)
	 Setting novnc service port 6080

  Q. NOVNC public port number for reverse proxy(e.g: 80 or 443)?(Default: 6080)
	 Setting novnc public port 6080

  Q. NOVNC host listen ip?(Default: 0.0.0.0) 192.168.20.100
	 Setting novnc host ip 192.168.20.100

* Updating installed packages./
*  Installing OS requirements.
  * git already installed
  * virtualenv already installed
  * python3-virtualenv already installed
  * python3-dev already installed
  * python3-lxml already installed
  * libvirt-dev already installed
  * zlib1g-dev already installed
  * libxslt1-dev already installed
  * nginx already installed
  * supervisor already installed
  * libsasl2-modules already installed
  * gcc already installed
  * pkg-config already installed
  * python3-guestfs already installed
  * uuid already installed
* Setting up hosts file.
* Creating webvirtcloud user.
adduser: The user `wvcuser' already exists.
* Cloning webvirtcloud from github to the web directory.
* Configuring settings.py file.
* Secret for Django generated: $y)%o599a9%yll6fgsor5as7_6=(b8+l+lw_dr^lu672$q31gg
* Activate virtual environment.
created virtual environment CPython3.11.2.final.0-64 in 246ms
  creator CPython3Posix(dest=/srv/webvirtcloud/venv, clear=False, no_vcs_ignore=False, global=False)
  seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/root/.local/share/virtualenv)
	added seed packages: Django==4.2.4, Markdown==3.4.4, PyYAML==6.0.1, annotated_types==0.5.0, asgiref==3.7.2, bidict==0.22.1, certifi==2023.7.22, charset_normalizer==3.2.0, django_bootstrap5==23.3, django_bootstrap_icons==0.8.3, django_login_required_middleware==0.9.0, django_otp==1.2.2, django_qr_code==3.1.1, djangorestframework==3.14.0, dnspython==2.4.2, drf_nested_routers==0.93.4, drf_yasg==1.21.7, eventlet==0.33.3, greenlet==2.0.2, gunicorn==21.2.0, idna==3.4, inflection==0.5.1, ldap3==2.9.1, libsass==0.22.0, libvirt_python==9.6.0, lxml==4.9.3, numpy==1.25.2, packaging==23.1, pip==23.0.1, pyasn1==0.5.0, pydantic==2.3.0, pydantic_core==2.6.3, pypng==0.20220715.0, python_engineio==4.5.1, python_socketio==5.8.0, pytz==2023.3, qrcode==7.4.2, requests==2.31.0, rwlock==0.0.7, segno==1.5.2, setuptools==66.1.1, six==1.16.0, sqlparse==0.4.4, typing_extensions==4.7.1, uritemplate==4.1.1, urllib3==2.0.4, websockify==0.10.0, wheel==0.38.4, zipp==3.16.2
  activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
* Install App's Python requirements.
Requirement already satisfied: pip in ./venv/lib/python3.11/site-packages (23.0.1)
Collecting pip
  Using cached pip-23.2.1-py3-none-any.whl (2.1 MB)
Installing collected packages: pip
  Attempting uninstall: pip
	Found existing installation: pip 23.0.1
	Uninstalling pip-23.0.1:
	  Successfully uninstalled pip-23.0.1
Successfully installed pip-23.2.1
* Django Migrate.
No changes detected
Operations to perform:
  Apply all migrations: accounts, admin, appsettings, auth, computes, contenttypes, instances, interfaces, logs, networks, otp_totp, sessions, storages
Running migrations:
  No migrations to apply.
! SHOW_PROFILE_EDIT_PASSWORD is found inside settings.py
* Applying permission can_change_password for all users
! Warning!!! Setting to True for all users
! Don`t forget to remove the option from settings.py
* Django Collect Static

0 static files copied to '/srv/webvirtcloud/static', 70 unmodified.
* Configuring Nginx.
  * Copying Nginx configuration
* Configuring Supervisor.
  * Copying supervisor configuration
* Setting Supervisor to start on boot and restart.
* Setting Nginx to start on boot and starting Nginx.

  ***Open http://debian-host.intra.XXXXX.com to login to webvirtcloud.***


* Cleaning up...
* Finished!
kerem closed this issue 2026-02-27 15:58:21 +03:00

@puffpants commented on GitHub (Sep 4, 2023):

I have reinstalled using the manual method and all went well, but I am seeing the same issue. I have enabled Debug and see this:
image


@puffpants commented on GitHub (Sep 4, 2023):

adding this:
image

to the settings.py seems to have fixed it, but from reading, this should not have been needed, nor does it seem to be the "right" way. I'll leave this open to see why it had to be done manually, or for it to be added to the instructions.


@puffpants commented on GitHub (Sep 5, 2023):

To follow up again, I am able to get into the web interface, but when trying to add a server, the local host, I get this error:
image

I will note that the last step of the install is not able to finish:

	USER@debian-host:/etc/default$ wget -O - https://bit.ly/36baWUu | sudo sh
	--2023-09-04 20:02:52--  https://bit.ly/36baWUu
	Resolving bit.ly (bit.ly)... 67.199.248.11, 67.199.248.10
	Connecting to bit.ly (bit.ly)|67.199.248.11|:443... connected.
	HTTP request sent, awaiting response... 301 Moved Permanently
	Location: https://raw.githubusercontent.com/retspen/webvirtcloud/master/dev/libvirt-bootstrap.sh [following]
	--2023-09-04 20:02:52--  https://raw.githubusercontent.com/retspen/webvirtcloud/master/dev/libvirt-bootstrap.sh
	Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.111.133, ...
	Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.108.133|:443... connected.
	HTTP request sent, awaiting response... 200 OK
	Length: 32168 (31K) [text/plain]
	Saving to: ‘STDOUT’

	-                                                         100%[====================================================================================================================================>]  31.41K  --.-KB/s    in 0.004s

	2023-09-04 20:02:52 (6.95 MB/s) - written to stdout [32168/32168]

	 *  INFO: Found function install_debian
	sh: 48: [: Illegal number:
	 *  INFO: Running install_debian()
	Hit:1 http://deb.debian.org/debian bookworm InRelease
	Hit:2 http://security.debian.org/debian-security bookworm-security InRelease
	Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
	Hit:4 https://dl.google.com/linux/chrome/deb stable InRelease
	Reading package lists... Done
	Reading package lists... Done
	Building dependency tree... Done
	Reading state information... Done
	Note, selecting 'qemu-system-x86' instead of 'qemu-kvm'
	Package qemu is not available, but is referred to by another package.
	This may mean that the package is missing, has been obsoleted, or
	is only available from another source

	E: Package 'qemu' has no installation candidate
	 * ERROR: Failed to run install_debian()!!!

@catborise commented on GitHub (Sep 5, 2023):

There are some changes in Debian 12 package names. I will fix it. Thanks. Also, Django CSRF verification changes exist. We must add CSRF_TRUSTED_ORIGINS to settings.py.


@catborise commented on GitHub (Sep 6, 2023):

@puffpants I think all problems are solved. You can try with the latest. Cheers.


@puffpants commented on GitHub (Sep 9, 2023):

@catborise I have reinstalled via manual method.

I can see that CSRF_TRUSTED_ORIGINS = ['http://localhost',] has been added to the settings.py file, but this only allows for access from the local system. This is better, but a step should probably be added to either edit the hostname, or have it pull it in automatically somehow.

I was now able to run the "setup libvirt and KVM on server" without issue.

wget -O - https://bit.ly/36baWUu | sudo sh

With that said, I am able to log in, but when I try to add the host server, I still get errors:

TCP:
image

SSH:
image

TLS:
image

Local:
image

If there are post install / setup steps I have missed, can you please link them?

Thanks!
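
An added example (not part of the original thread and not webvirtcloud's code): a simplified model of the Origin check that Django 4.x applies to POST requests, showing why `['http://localhost']` only admits local access and how listing the server's own origin changes the result. The hostname `debian-host.intra.example.test`, the Host value `127.0.0.1:8000` and the helper `build_trusted_origins` are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def build_trusted_origins(fqdn, schemes=("http",), extra=("http://localhost",)):
    """Hypothetical helper: CSRF_TRUSTED_ORIGINS entries for one server name."""
    origins = list(extra) + [f"{scheme}://{fqdn}" for scheme in schemes]
    for origin in origins:
        # Django 4.0+ requires every entry to start with a scheme.
        if "://" not in origin:
            raise ValueError(f"origin needs a scheme: {origin!r}")
    return origins


def is_same_domain(host, pattern):
    """Exact match, or subdomain match when the pattern starts with a dot."""
    pattern = pattern.lower()
    return pattern == host or (
        pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:])
    )


def origin_verified(origin, host_seen, is_secure, trusted_origins):
    """Simplified model of the Origin check in Django 4.x's CSRF middleware."""
    # 1. Same origin: the header equals scheme://Host as Django sees the request.
    if origin == f"{'https' if is_secure else 'http'}://{host_seen}":
        return True
    # 2. Exact entry in CSRF_TRUSTED_ORIGINS; scheme and port are part of it.
    if origin in [o for o in trusted_origins if "*" not in o]:
        return True
    # 3. Wildcard entries such as "https://*.example.test".
    parsed = urlsplit(origin)
    return any(
        urlsplit(o).scheme == parsed.scheme
        and is_same_domain(parsed.netloc, urlsplit(o).netloc.lstrip("*"))
        for o in trusted_origins
        if "*" in o
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    fqdn = "debian-host.intra.example.test"
    browser_origin = f"http://{fqdn}"
    host_seen = "127.0.0.1:8000"  # assumption: Host value reaching Django
    for trusted in (["http://localhost"], build_trusted_origins(fqdn)):
        ok = origin_verified(browser_origin, host_seen, False, trusted)
        print(trusted, "->", "accepted" if ok else "403 CSRF verification failed")
```

The match is on the full origin, so an `http://` entry does not cover the same host reached over `https://` or on a non-default port.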


@puffpants commented on GitHub (Sep 9, 2023):

I found the info to make the SSH keys lower down. All is working now. Thanks!
