Forbidden (403) - null origin

Author: alexdeathway

=============================
  NOTES
=============================
Error 403 after upgrading Django from 3.2.19 to 5.1.0 (GitHub #41)


Application/Module: Gecom (live), Gecom (GitHub)
Environment: Production
Error Type: S grade failure

=============================
    ERROR DETAILS
=============================

Error Message:
Forbidden (403)
CSRF verification failed. Request canceled.
Reason given for failure: Origin checking failed - null does not match any trusted origins.

Error Code: 403 Forbidden
Error Source/Location: somewhere in the production environment.
Stack Trace: None

=============================
    CONTEXT INFORMATION
=============================

User ID: All
Operation/Function: Login/Signup
Input Parameters: user credentials.
HTTP Request (if applicable): 403


=============================
    SYSTEM INFORMATION
=============================

Operating System: Independent
Programming Language: Python
Framework/Libraries: Django and Bootstrap


Hypothesis #1: Missing CSRF_TRUSTED_ORIGINS

A quick Google search turned up this note in the Django documentation:

Changed in Django 4.0:

Origin header checking isn’t performed in older versions.

Added CSRF_TRUSTED_ORIGINS to settings and tested in production; still the same problem. One thing to note: this problem does not occur in the development environment. All the similar questions deal with an origin that is simply not listed in the trusted origins, and that is where our issue is unique: in our case the request origin was literally null.
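To see why CSRF_TRUSTED_ORIGINS cannot help here, the following is an added example (not Django's own code and not part of these notes) that models the order of checks Django 4.0+ applies to the Origin header: same scheme://host as the request, then exact CSRF_TRUSTED_ORIGINS entries, then "*." wildcard entries. The host names are constructed stand-ins; the point is that the literal value "null" has no scheme or host and so can never be spelled as a trusted-origin entry.

```python
"""Simplified model of the CSRF Origin check Django 4.0+ performs.

Added example, not Django's own code: it mirrors the order of checks the
framework applies (exact match against the request's own scheme://host,
then CSRF_TRUSTED_ORIGINS exact entries, then "*." wildcard entries) so
that the effect of an ``Origin: null`` header can be seen in isolation.
Host names below are constructed; substitute the real ones.
"""
from urllib.parse import urlsplit

# Constructed settings.py fragment; "*.gecom.example" is a wildcard entry.
CSRF_TRUSTED_ORIGINS = ["https://gecom.example", "https://*.gecom.example"]


def split_trusted_origins(origins):
    """Separate exact origins from wildcard ones, keyed by scheme."""
    exact = set()
    subdomains = {}  # scheme -> set of ".suffix" patterns
    for origin in origins:
        parts = urlsplit(origin)
        if parts.netloc.startswith("*."):
            subdomains.setdefault(parts.scheme, set()).add(parts.netloc[1:])
        else:
            exact.add(origin)
    return exact, subdomains


def is_same_domain(host, pattern):
    """'.gecom.example' matches 'gecom.example' and any subdomain of it."""
    if not pattern.startswith("."):
        return host == pattern
    return host.endswith(pattern) or host == pattern[1:]


def check_origin(request_origin, request_scheme, request_host,
                 trusted=CSRF_TRUSTED_ORIGINS):
    """Return (accepted, reason) for the Origin header of an unsafe request.

    ``request_origin`` is the raw header value. "null" is what browsers send
    for an opaque origin; it can never be written as a scheme://host entry,
    so no CSRF_TRUSTED_ORIGINS value makes it pass.
    """
    good_origin = f"{request_scheme}://{request_host}"
    if request_origin == good_origin:
        return True, "same origin as the request host"
    exact, subdomains = split_trusted_origins(trusted)
    if request_origin in exact:
        return True, "exact match in CSRF_TRUSTED_ORIGINS"
    parts = urlsplit(request_origin)
    # "null" has neither scheme nor netloc, so it drops out here.
    if parts.scheme and parts.netloc:
        for pattern in subdomains.get(parts.scheme, ()):
            if is_same_domain(parts.netloc, pattern):
                return True, f"matches wildcard *{pattern}"
    return False, f"{request_origin} does not match any trusted origins."


if __name__ == "__main__":
    for origin in ("null", "https://gecom.example",
                   "https://shop.gecom.example", "https://evil.example"):
        print(origin, "->", check_origin(origin, "https", "www.gecom.example"))
```

Running it reproduces the exact wording of the production error for "null" while the two constructed trusted hosts pass, which is why the remaining hypotheses look at what is sending or rewriting that header rather than at the settings file.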

Hypothesis #2: Something to do with the Cloudflare proxy worker

This seemed a promising way to isolate the issue: since we were getting null as the origin, the proxy had to be involved. Removed the proxy and fell back to Cloudflare as DNS resolver only; this did not resolve the issue. For the next test, bypassed DNS and sent requests directly to the web server; still the same issue.


Hypothesis #3: Initialization failure with _psycopg
Facing some issues with psycopg2:
```
SystemError: initialization of _psycopg raised unreported exception
```
This error log was reported by Priyanshu Gupta. Will look into this.
[Update] This seems to be more a collision between the host environment and the development setup than an issue related to what we are working on.

Hypothesis #4: Nginx/Django configuration issue [--picked]

[Update Jan 25, 2024] There are some questions and discussions that mention a similar issue:

Stack Overflow: Nginx and Django/Wagtail: Origin checking failed - null does not match any trusted origins

Django forum: Origin header checking fails for null origin

Paperless-ngx GitHub issue: [BUG] Login fails due to CSRF issue - (Origin checking failed - null does not match any trusted origins.) #817

Django-CORS-header GitHub issue: When 'localhost' '127.0.0.1' 'No 'Access-Control-Allow-Origin' header is present on the requested resource' #241


Solution

Add the following header to the Nginx configuration:

```
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
```

No idea how or why this works, but some comments mentioned it as a hacky solution that might become a security risk, so it needs looking into.
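The notes above never pin down which hop (browser, Cloudflare, Nginx) produces the null origin, and P3P is a legacy privacy-policy header that only Internet Explorer's cookie settings ever honoured, which is why the fix reads as hacky. A more direct check is to record, at the Django layer, exactly the headers the CSRF middleware consults for unsafe-method requests. The following is an added example (not from these notes or the Gecom project): a small Django-style middleware whose snapshot function works on any WSGI `META` mapping, so it runs stand-alone with the constructed stub request here and plugs into a project's MIDDLEWARE list unchanged. Header values and the logger name are constructed.

```python
"""Diagnostic middleware that records the headers Django's CSRF check uses.

Added example (not from the page or the Gecom project). The snapshot
function works on any WSGI-style ``META`` mapping, so the module runs
stand-alone with the stub request below and also plugs into a Django
project's MIDDLEWARE list unchanged. All header values below are constructed.
"""
import logging

log = logging.getLogger("origin_diagnostics")

# META keys that decide Django's Origin/Referer check and host/scheme resolution.
RELEVANT_META = (
    "HTTP_ORIGIN",
    "HTTP_REFERER",
    "HTTP_HOST",
    "HTTP_X_FORWARDED_HOST",
    "HTTP_X_FORWARDED_PROTO",
    "wsgi.url_scheme",
)

UNSAFE_METHODS = ("POST", "PUT", "PATCH", "DELETE")


def origin_snapshot(meta):
    """Copy the CSRF-relevant keys, marking missing ones explicitly."""
    snap = {key: meta.get(key, "<absent>") for key in RELEVANT_META}
    snap["origin_is_null"] = meta.get("HTTP_ORIGIN") == "null"
    return snap


def needs_attention(snap):
    """True when the Origin check is bound to fail or fall back to Referer."""
    return snap["origin_is_null"] or snap["HTTP_ORIGIN"] == "<absent>"


class OriginDiagnosticsMiddleware:
    """Log the snapshot for unsafe-method requests whose Origin is null/absent."""

    def __init__(self, get_response):
        self.get_response = get_response
        self.seen = []  # kept in memory so the stand-alone run can inspect it

    def __call__(self, request):
        if request.method in UNSAFE_METHODS:
            snap = origin_snapshot(request.META)
            if needs_attention(snap):
                self.seen.append(snap)
                log.warning("CSRF origin headers for %s %s: %s",
                            request.method, request.path, snap)
        return self.get_response(request)


class StubRequest:
    """Minimal stand-in for django.http.HttpRequest (constructed for the demo)."""

    def __init__(self, method, path, meta):
        self.method, self.path, self.META = method, path, meta


def run_demo():
    """Feed one healthy and one null-origin login POST through the middleware."""
    mw = OriginDiagnosticsMiddleware(lambda request: "response")
    healthy = StubRequest("POST", "/login/", {
        "HTTP_ORIGIN": "https://gecom.example", "HTTP_HOST": "gecom.example",
        "wsgi.url_scheme": "https"})
    broken = StubRequest("POST", "/login/", {
        "HTTP_ORIGIN": "null", "HTTP_HOST": "gecom.example",
        "HTTP_X_FORWARDED_PROTO": "https", "wsgi.url_scheme": "http"})
    mw(healthy)
    mw(broken)
    return mw.seen


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for entry in run_demo():
        print(entry)
```

Its position in MIDDLEWARE does not matter for capturing the failing requests: CsrfViewMiddleware rejects in process_view, which runs only after every middleware's request phase, so the warning is written before the 403 is produced. Comparing the logged Origin and X-Forwarded-* values with and without the Cloudflare proxy repeats the isolation test from Hypothesis #2 with evidence from the application's side, and an absent Origin together with an absent Referer on an https request is the other case that produces a CSRF 403.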