Closed
Labels: bug (Something isn't working)
Description
What happened
After setup, intelowl seems to be fully functional when accessed through a fully qualified domain name via an external SSL-enabled reverse proxy. However, on the /scan page, the frontend shows a CSRF error message in the scan history area, complaining that the URL I'm using to access intelowl is not contained in the list of trusted origins.
Environment
- OS: Debian 12.5
- IntelOwl version: 6.1.0
What did you expect to happen
Scan history should be displayed.
How to reproduce your issue
- configure intelowl with a fully qualified domain name (INTELOWL_WEB_CLIENT_DOMAIN in env, server_name in nginx configuration files)
- configure included nginx to serve app on port 80 via plain http; container connected to an additional external docker network
- configure an already existing second nginx container on that external docker network to act as an SSL-enabled reverse proxy for intelowl and multiple additional services
- set HTTPS_ENABLED=True in environment
Error messages and logs
[CSRF Failed: Origin checking failed - https://<fqdn> does not match any trusted origins]
Potential Solution / Workaround
I was able to get around the issue by applying the following patch to intel_owl/settings/security.py and rebuilding the service:
diff --git a/intel_owl/settings/security.py b/intel_owl/settings/security.py
index e739d463..0e6b4f43 100644
--- a/intel_owl/settings/security.py
+++ b/intel_owl/settings/security.py
@@ -19,6 +19,7 @@ else:
WEB_CLIENT_URL = f"http://{WEB_CLIENT_DOMAIN}"
CSRF_COOKIE_SAMESITE = "Strict"
+CSRF_TRUSTED_ORIGINS = [f"{WEB_CLIENT_URL}"]
if STAGE_LOCAL:
# required to allow requests from port 3001 (frontend development)
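Review bot: the new CSRF_TRUSTED_ORIGINS assignment is placed directly above the `if STAGE_LOCAL:` block whose comment says it allows requests from port 3001; if that block assigns CSRF_TRUSTED_ORIGINS itself rather than extending it, the entry added here is silently overwritten in local development, so either define the list before that block and have it `.append(...)` there, or extend it in both places. Minor: `[f"{WEB_CLIENT_URL}"]` is just `[WEB_CLIENT_URL]`. Since the logged error compares the full origin (`https://<fqdn>`) and the context line shows WEB_CLIENT_URL built as `http://{WEB_CLIENT_DOMAIN}` in the `else:` branch, the entry is only correct when HTTPS_ENABLED matches the scheme the browser actually uses behind the external proxy; a one-line comment saying so would save the next person this debugging session.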
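The following is an added example, not IntelOwl's code, that models the origin check behind the reported error: a browser Origin of `https://<fqdn>` is only accepted when the configured trusted origin has the same scheme and host, so both the HTTPS_ENABLED flag and the added CSRF_TRUSTED_ORIGINS entry matter. The domain name is a constructed placeholder and the comparison is a simplified stand-in for Django's own check.

```python
# Added example (not IntelOwl or Django code): why a TLS-terminating reverse
# proxy in front of a plain-http app triggers "does not match any trusted origins".
from urllib.parse import urlsplit


def build_settings(web_client_domain: str, https_enabled: bool, patched: bool) -> dict:
    """Mirror the settings logic discussed in the issue.

    The scheme of WEB_CLIENT_URL follows HTTPS_ENABLED; without the patch no
    CSRF_TRUSTED_ORIGINS entry exists at all (Django's default is an empty list).
    """
    scheme = "https" if https_enabled else "http"
    web_client_url = f"{scheme}://{web_client_domain}"
    trusted = [web_client_url] if patched else []
    return {"WEB_CLIENT_URL": web_client_url, "CSRF_TRUSTED_ORIGINS": trusted}


def origin_trusted(origin: str, trusted_origins: list) -> bool:
    """Simplified origin comparison: scheme and host(:port) must match exactly.

    'https://host' and 'http://host' are different origins, which is the whole
    reason the reporter's setup fails before the patch.
    """
    o = urlsplit(origin)
    return any((o.scheme, o.netloc) == (urlsplit(t).scheme, urlsplit(t).netloc)
               for t in trusted_origins)


def check_request(domain: str, https_enabled: bool, patched: bool, origin: str) -> bool:
    """True if a request carrying this Origin header passes the check."""
    settings = build_settings(domain, https_enabled, patched)
    return origin_trusted(origin, settings["CSRF_TRUSTED_ORIGINS"])


if __name__ == "__main__":
    # Constructed scenario: the browser reaches the app as https://<fqdn> via the proxy.
    fqdn = "intelowl.example.test"  # placeholder, not a real deployment
    browser_origin = f"https://{fqdn}"
    # Unpatched, HTTPS_ENABLED=True: still rejected, nothing is trusted.
    print(check_request(fqdn, True, False, browser_origin))
    # Patched but HTTPS_ENABLED=False: rejected, only http://<fqdn> is trusted.
    print(check_request(fqdn, False, True, browser_origin))
    # Patched and HTTPS_ENABLED=True: accepted.
    print(check_request(fqdn, True, True, browser_origin))
```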