[GH-ISSUE #630] CSRF 403 error when trying to enable guest agent. #363

Open
opened 2026-02-27 15:58:23 +03:00 by kerem · 4 comments

Originally created by @oreillymj on GitHub (Jan 15, 2024).
Original GitHub issue: https://github.com/retspen/webvirtcloud/issues/630

Since upgrading to the latest version of WebVirtCloud and the associated Django version, I see CSRF 403 errors when using the UI.
Specifically when trying to enable the guest agent.

Looking at Chrome dev tools, I see a mismatch between the form's CSRF token and the value in the CSRF cookie.

I'm completely unable to log in in a private window due to a 403.

When looking at dev tools, I see the cookie set to
csrftoken=zhMVW2QdpvjMWGcW8umYb32sUYvlEu5z; token=3-5570c1d9-8da8-437e-84e4-fb5ce744b36e

but the csrftoken on the embedded form is ....

csrfmiddlewaretoken: 878NbOOzWhERjIK09BJGlZinBQ7zrxXyxeKyXGuCbCNt5eMM7VVumSaFlEsKVRSX

Not sure if that mismatch causes the 403


@catborise commented on GitHub (Jan 17, 2024):

Could you be trying to reactivate a previously activated device? "Disconnected" typically means that guest tools are not installed on the operating system or the guest service is not running.


@oreillymj commented on GitHub (Jan 18, 2024):

All was working before upgrading to the latest GitHub commit. supervisorctl shows 3 running services.
I should mention that I have upgraded from Ubuntu 20.04 LTS -> 22.04 LTS, got Webvirtcloud running, and I'm now on the 24.04 beta. I had to re-run pip3, so I may be on a newer Django release which has stricter CSRF protection.

https://docs.djangoproject.com/en/5.0/howto/csrf/


@whsir commented on GitHub (Apr 2, 2024):

I'm having the same problem.
CSRF 403


@jbguo424 commented on GitHub (May 7, 2024):

Modify settings.py as shown below:
CSRF_TRUSTED_ORIGINS = ['http://localhost','http://your ip']
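
Added example, not part of the original thread and not Django's or WebVirtCloud's own code: it checks the two values quoted in the issue against a re-implementation of Django's CSRF token masking (form token = 32-character mask followed by the 32-character masked secret), then models in simplified form the Origin comparison that `CSRF_TRUSTED_ORIGINS` feeds. The function names, the proxy scenario and the `192.0.2.10` / `localhost:8000` values are constructed assumptions.

```python
import hmac
import string

# Alphabet and secret length used by Django's CSRF middleware.
CHARS = string.ascii_letters + string.digits
SECRET_LEN = 32

def unmask(form_token):
    """Recover the secret from a 64-char masked token (mask + cipher)."""
    if len(form_token) != 2 * SECRET_LEN or any(c not in CHARS for c in form_token):
        raise ValueError("not a masked CSRF token")
    mask, cipher = form_token[:SECRET_LEN], form_token[SECRET_LEN:]
    return "".join(
        CHARS[(CHARS.index(c) - CHARS.index(m)) % len(CHARS)]
        for c, m in zip(cipher, mask)
    )

def token_matches_cookie(form_token, cookie_secret):
    """True when the form token is a masked copy of the cookie secret."""
    try:
        return hmac.compare_digest(unmask(form_token), cookie_secret)
    except ValueError:
        return False

def origin_accepted(origin, request_scheme, request_host, trusted_origins):
    """Simplified model: exact matches only, no wildcard subdomain entries."""
    same_origin = origin == f"{request_scheme}://{request_host}"
    return same_origin or origin in trusted_origins

# Values quoted in the issue report.
COOKIE = "zhMVW2QdpvjMWGcW8umYb32sUYvlEu5z"
FORM = "878NbOOzWhERjIK09BJGlZinBQ7zrxXyxeKyXGuCbCNt5eMM7VVumSaFlEsKVRSX"

if __name__ == "__main__":
    print("form token matches cookie:", token_matches_cookie(FORM, COOKIE))
    # Constructed scenario: the browser sends Origin http://192.0.2.10 while
    # the app, behind a proxy, sees the request host as localhost:8000.
    for trusted in ([], ["http://192.0.2.10"]):
        ok = origin_accepted("http://192.0.2.10", "http", "localhost:8000", trusted)
        print("trusted =", trusted, "->", "accepted" if ok else "403")
```

The form token from the report unmasks to exactly the cookie value, so the differing strings seen in dev tools agree under this scheme. In the constructed proxy scenario the request is rejected until the browser-facing origin, scheme included, is listed in `CSRF_TRUSTED_ORIGINS`.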
