Onpremise: CSRF failures after Nginx introduction

Created on 25 Apr 2020 · 3 Comments · Source: getsentry/onpremise

Recently updated my install, and I've had CSRF failures.

I believe the problem is the nginx relay in https://github.com/getsentry/onpremise/blob/master/nginx/nginx.conf#L44 (introduced in #421) is not passing the original Host header (at least that fixed it locally for me).

Log line from web:

16:46:05 [WARNING] django.security.csrf: Forbidden (Referer checking failed - https://sentry.example.com/auth/login/org/ does not match any trusted origins.): /auth/login/org/ (status_code=403 request=)

All 3 comments

It's missing the proxy_set_header from https://github.com/getsentry/sentry/pull/18433/files#diff-3194b88002aeabc2a7b45a1640d0869bR50

Thanks @giggsey. I confirm that after adding the proxy_set_header line to the nginx.conf, the CSRF failure disappeared for me.

proxy_set_header $http_host worked for me
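
Why a missing Host header produces exactly the log line above, as an added example that is not part of the thread and is not Sentry's or Django's code: a simplified Python model of the Referer comparison that Django's CSRF middleware performs on HTTPS requests. The upstream name `web:9000` and the helper names are assumptions; nginx sends `$proxy_host` as the Host header unless a `proxy_set_header Host` directive overrides it.

```python
"""Simplified model (not Django's or Sentry's code) of the HTTPS Referer
comparison behind the 'Referer checking failed' log line."""
from urllib.parse import urlparse

REASON_BAD_REFERER = "Referer checking failed - %s does not match any trusted origins."


def upstream_host(proxy_pass_target, host_directive=None):
    """Host header the backend receives from nginx.

    Without a 'proxy_set_header Host ...;' directive nginx sends $proxy_host,
    i.e. the name and port taken from proxy_pass. host_directive models the
    value of an explicit directive (for example the client's original Host).
    """
    return host_directive if host_directive is not None else proxy_pass_target


def is_same_domain(host, pattern):
    """Exact match, or suffix match when the pattern starts with a dot."""
    if not pattern:
        return False
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def referer_check(referer, host_header, trusted_origins=()):
    """Return None when the Referer is accepted, else the rejection reason."""
    parsed = urlparse(referer)
    good_hosts = list(trusted_origins) + [host_header]
    if any(is_same_domain(parsed.netloc.lower(), h) for h in good_hosts):
        return None
    return REASON_BAD_REFERER % parsed.geturl()


# Constructed values: the Referer is the one from the log line in the issue;
# "web:9000" is a placeholder for the proxy_pass target.
REFERER = "https://sentry.example.com/auth/login/org/"
CLIENT_HOST = "sentry.example.com"

without_header = referer_check(REFERER, upstream_host("web:9000"))
with_header = referer_check(REFERER, upstream_host("web:9000", CLIENT_HOST))
via_trusted = referer_check(REFERER, upstream_host("web:9000"), [".example.com"])

if __name__ == "__main__":
    print("default Host     :", without_header)
    print("Host forwarded   :", with_header)
    print("trusted origin   :", via_trusted)
```

Forwarding the original Host keeps the check strict; a trusted-origins entry also passes the check but widens the set of Referers the backend accepts.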
