Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Signing into DocumentCloud throws a 403 CRSF error #213

Open
allanlasser opened this issue Nov 22, 2024 · 2 comments
Open

Signing into DocumentCloud throws a 403 CRSF error #213

allanlasser opened this issue Nov 22, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@allanlasser
Copy link
Member

  • From www.documentcloud.org, click Sign In
  • Enter credentials in Squarelet
  • Redirect to application fails with message Forbidden (403): CSRF verification failed. Request aborted.
Screenshot 2024-11-22 at 1 05 56 PM

As a user, I don't know what to do next.

@eyeseast eyeseast added the bug Something isn't working label Nov 25, 2024
@allanlasser
Copy link
Member Author

allanlasser commented Nov 25, 2024

From what I can tell:

  1. CRSF_TRUSTED_ORIGINS setting is populated by CRSF_TRUSTED_ORIGINS environment variable
  2. This env variable is not set in Heroku

squarelet/config/settings/base.py

CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[])

@mitchelljkotler
Copy link
Member

I set the environment variable - let me know if this helps with the issue

@eyeseast eyeseast added this to the DevOps December milestone Dec 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants