[GH-ISSUE #672] CSRF and 403rd error #511

Closed
opened 2026-02-27 16:39:31 +03:00 by kerem · 1 comment
Owner

Originally created by @ivdok on GitHub (Oct 11, 2018).
Original GitHub issue: https://github.com/retspen/webvirtmgr/issues/672

My nginx.conf is uploaded here.
Developer tools show that I indeed receive crsftoken and sessionid cookies, but the reply from server always is "Forbidden (403) CSRF verification failed. Request aborted.", as if my browser doesn't accept cookies. Running server with runserver 0:8000 allows me to login, but it's obviously not a production solution. Defining debug = True in gunicorn.conf.py, surprisingly, didn't make WebVirtMgr spew more logs or make any sense. WTF? It did work on another testbox last week.

Originally created by @ivdok on GitHub (Oct 11, 2018). Original GitHub issue: https://github.com/retspen/webvirtmgr/issues/672 My nginx.conf is uploaded[ here.](https://gitlab.com/snippets/1762185) Developer tools show that I indeed receive crsftoken and sessionid cookies, but the reply from server always is "Forbidden (403) CSRF verification failed. Request aborted.", as if my browser doesn't accept cookies. Running server with `runserver 0:8000` allows me to login, but it's obviously not a production solution. Defining `debug = True` in gunicorn.conf.py, surprisingly, didn't make WebVirtMgr spew more logs or make any sense. WTF? It did work on another testbox last week.
kerem closed this issue 2026-02-27 16:39:31 +03:00
Author
Owner

@ivdok commented on GitHub (Oct 12, 2018):

For anybody else coming across this same error - it's related to nginx config error in wiki's template.
Find and replace string:
proxy_set_header Host $host:$server_port;
With:
proxy_set_header Host $host;
And with that, I'm closing the issue.

<!-- gh-comment-id:429254927 --> @ivdok commented on GitHub (Oct 12, 2018): For anybody else coming across this same error - it's related to nginx config error in wiki's template. Find and replace string: `proxy_set_header Host $host:$server_port;` With: `proxy_set_header Host $host;` And with that, I'm closing the issue.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/webvirtmgr#511
No description provided.