Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Wrong documentation for CSRF_TRUSTED_ORIGINS #112

Closed
1 task done
marlenekoh opened this issue Nov 30, 2023 · 3 comments · Fixed by #115
Closed
1 task done

[BUG] Wrong documentation for CSRF_TRUSTED_ORIGINS #112

marlenekoh opened this issue Nov 30, 2023 · 3 comments · Fixed by #115
Labels
good first issue help wanted

Comments

@marlenekoh
Copy link

marlenekoh commented Nov 30, 2023
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

From the README

## Note on `CSRF_TRUSTED_ORIGINS`

On first run (or any startup where `REGENERATE_SETTINGS=true`) we will set `CSRF_TRUSTED_ORIGINS` to match the value of `SITE_ROOT`. If you need different/additional origins, you will need to edit `/config/local_settings.py` and add them yourself. Note that setting `REGENERATE_SETTINGS=true` will overwrite any changes on startup.

Expected Behavior

However, the behaviour has changed since this commit bd0cb9e

Please update the readme docs with an example that CSRF_TRUSTED_ORIGINS has to be manually set, and that it takes in only a str and not a list (different behaviour from django's CSRF_TRUSTED_ORIGINS)

Steps To Reproduce

Works

SITE_ROOT=https://my-healthchecks-app.abc.com
CSRF_TRUSTED_ORIGINS=https://my-healthchecks-app.abc.com

Does not work

SITE_ROOT=https://my-healthchecks-app.abc.com
CSRF_TRUSTED_ORIGINS=["https://my-healthchecks-app.abc.com"]

SITE_ROOT=https://my-healthchecks-app.abc.com
# creates container with CSRF_TRUSTED_ORIGINS=[]

Environment

No response

CPU architecture

x86-64

Docker creation

version: "3"
  web:
    image: linuxserver/healthchecks:amd64-version-v3.0.1
    environment:
      - SITE_ROOT=https://my-healthchecks-app.abc.com
      - SITE_NAME=Healthchecks
      - DEBUG=True
      - ALLOWED_HOSTS=["localhost","my-healthchecks-app.abc.com"]
      - [email protected]
      - REGENERATE_SETTINGS=True
      - [email protected]
      - SUPERUSER_PASSWORD=somepass
      - EMAIL_USE_VERIFICATION=False
      - REGISTRATION_OPEN=False
      - REMOTE_USER_HEADER=HTTP_X_EMAIL
      - CSRF_TRUSTED_ORIGINS=["https://my-healthchecks-app.abc.com"]
    ports:
      - 8000:8000

Container logs

SyntaxError: invalid syntax. Perhaps you forgot a comma?
Traceback (most recent call last):
  File "/app/healthchecks/manage.py", line 17, in <module>
    raise e
  File "/app/healthchecks/manage.py", line 13, in <module>
    execute_from_command_line(sys.argv)
  File "/lsiopy/lib/python3.11/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "/lsiopy/lib/python3.11/site-packages/django/core/management/__init__.py", line 382, in execute
    settings.INSTALLED_APPS
  File "/lsiopy/lib/python3.11/site-packages/django/conf/__init__.py", line 102, in __getattr__
    self._setup(name)
  File "/lsiopy/lib/python3.11/site-packages/django/conf/__init__.py", line 89, in _setup
    self._wrapped = Settings(settings_module)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.11/site-packages/django/conf/__init__.py", line 217, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 1204, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1176, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 690, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 940, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/app/healthchecks/hc/settings.py", line 338, in <module>
    from .local_settings import *  # noqa: F403
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/healthchecks/hc/local_settings.py", line 9
    CSRF_TRUSTED_ORIGINS = ["["https://my-healthchecks-app.abc.com"]"
@github-actions GitHub Actions
Copy link

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

@sukanta-nandi
Copy link

Created a PR for this change #114

@thespad thespad mentioned this issue Jan 22, 2024
Merged
1 task
@thespad
Copy link
Member

thespad commented Jan 22, 2024

The readme isn't wrong, but the init logic was. The linked PR should fix the logic and also updates the readme to clarify setting the CSRF_TRUSTED_ORIGINS as it's not part of the Healthchecks docs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue help wanted
Projects
Issue & PR Tracker
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix CSRF handling linuxserver/docker-healthchecks
4 participants
@thespad @sukanta-nandi @marlenekoh @drizuid