webvirtcloud icon indicating copy to clipboard operation
webvirtcloud copied to clipboard
verified publisher icon retspen

CSRF 403 error when trying to enable guest agent.

Open oreillymj opened this issue 2 years ago • 4 comments

Since upgrading to the latest version of Webvirt cloud and associated django version, I see CSRF 403 errors when using the UI. Specifically trying to enable the guest agent.

Looking at Chrome dev tools, I see a mis-match between the forms csrf token and the value in the csrf cookie.

I'm completely unable to login in a private window due to a 403.

When looking at dev tools, I see cookie set to csrftoken=zhMVW2QdpvjMWGcW8umYb32sUYvlEu5z; token=3-5570c1d9-8da8-437e-84e4-fb5ce744b36e

but the csrftoken on the embedded form is ....

csrfmiddlewaretoken: 878NbOOzWhERjIK09BJGlZinBQ7zrxXyxeKyXGuCbCNt5eMM7VVumSaFlEsKVRSX

Not sure if that mismatch causes the 403

csrf3_2024-01-15_151123 csrf2_2024-01-15_151028 csrf1_2024-01-15_150934

oreillymj avatar Jan 15 '24 15:01 oreillymj

Could you be trying to reactivate a previously activated device? "Disconnected" typically means that guest tools are not installed on the operating system or the guest service is not running.

catborise avatar Jan 17 '24 06:01 catborise

All was working before upgrading to latest github commit. supervisorctl shows 3 running services. I should mention that I have upgrade from Ubuntu20.04LTS ->22.04LTS, got Webvirtcloud running and I'm now on the 24.04 beta. I had to re-run pip3 so I maybe on a newer Django release which has stricter CSRF protection.

https://docs.djangoproject.com/en/5.0/howto/csrf/

oreillymj avatar Jan 18 '24 09:01 oreillymj

I'm having the same problem. CSRF 403

whsir avatar Apr 02 '24 06:04 whsir

Modify the settings.py like below CSRF_TRUSTED_ORIGINS = ['http://localhost','http://your ip']

jbguo424 avatar May 07 '24 12:05 jbguo424