galexrt/container-healthchecks

Iframe not possible CSRF verification failed. Request aborted.

riderx opened this issue · 7 comments

I wanna use my deployed healthcheck in an HTTPS iframe from the same main domain but I can't.

Why do you include an nginx service inside a docker?

So is your question how to fix the CSRF verification failed issue or why the image has an nginx server in it? Because nginx isn't directly related to "CSRF verification failed" message(s).

To not get CSRF verification failed messages, see the README:

A HTTPS Proxy is required for healthchecks to be reachable. This is caused by the CSRF verification failing if HTTPS is not used. The HTTPS Proxy must pass through/create X-FORWARDED-* headers. An example for a simple HTTPS proxy for Docker can be found here: GitHub - jwilder/nginx-proxy.

Taken from https://github.com/galexrt/docker-healthchecks#running-the-image

Nginx is used for serving the static files and "proxying" to the application itself: https://github.com/galexrt/docker-healthchecks/blob/master/includes/nginx/nginx.conf#L18-L42

Sorry, I was suspecting nginx of not allowing iframes.

My healthcheck is reachable; only login doesn't work if I'm in an iframe.

I'm more suspecting the CSRF config of not allowing usage of an iframe: https://stackoverflow.com/questions/53621161/django-csrf-cookie-not-set-in-iframe-workaround-without-csrf-exempt

I already use a transparent proxy like this:

header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}
header_upstream X-Forwarded-Port {server_port}
header_upstream X-Forwarded-Proto {scheme}

So you want to embed healthchecks inside an iframe?

Try out the Django CSRF config you posted and/or ask at the healthchecks project about the settings you need. Also your reverse proxy must have HTTPS enabled for the cookies to be transmitted "correctly".

From this project's side I'm going to close this issue in a bit, as, at least as of right now, this does not seem like an issue with the Docker image, but a configuration question.
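
An added example, not part of the thread or of either project's code: a small audit of the Django settings that decide whether the CSRF and session cookies survive a TLS-terminating proxy and an iframe. The setting names are Django's own; `audit`, `names` and `FRAMED_OK` are hypothetical helpers, the sample values are constructed, and whether a given healthchecks deployment exposes these settings is an assumption.

```python
# Added example: audit Django-style cookie/proxy settings for a framed login page.
# Setting names are Django's; the dicts passed in are constructed samples.
DJANGO_DEFAULTS = {
    "SECURE_PROXY_SSL_HEADER": None,
    "CSRF_COOKIE_SECURE": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SAMESITE": "Lax",
    "SESSION_COOKIE_SAMESITE": "Lax",
}

# Constructed sample: values that pass the audit for a cross-site HTTPS frame.
FRAMED_OK = {
    "SECURE_PROXY_SSL_HEADER": ("HTTP_X_FORWARDED_PROTO", "https"),
    "CSRF_COOKIE_SECURE": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SAMESITE": "None",
    "SESSION_COOKIE_SAMESITE": "None",
}


def audit(settings, cross_site_frame):
    """Return (setting, reason) findings; an empty list means none."""
    s = {**DJANGO_DEFAULTS, **settings}
    findings = []
    if s["SECURE_PROXY_SSL_HEADER"] is None:
        findings.append(("SECURE_PROXY_SSL_HEADER",
                         "X-Forwarded-Proto is ignored, so proxied HTTPS "
                         "requests are treated as plain HTTP"))
    for kind in ("CSRF", "SESSION"):
        samesite = s[f"{kind}_COOKIE_SAMESITE"]
        if cross_site_frame and samesite != "None":
            findings.append((f"{kind}_COOKIE_SAMESITE",
                             f"SameSite={samesite} cookie is not sent "
                             "from a cross-site frame"))
        if samesite == "None" and not s[f"{kind}_COOKIE_SECURE"]:
            findings.append((f"{kind}_COOKIE_SECURE",
                             "browsers reject SameSite=None without Secure"))
    return findings


def names(findings):
    """Just the setting names, in the order they were reported."""
    return [name for name, _ in findings]


if __name__ == "__main__":
    for name, reason in audit({}, cross_site_frame=True):
        print(f"{name}: {reason}")
```

A frame on the same registrable domain counts as same-site, so pass `cross_site_frame=False` for that case; the SameSite findings only apply when the embedding page is on a different site.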

@riderx I'd like to understand the problem you're trying to solve a little better (mainly, why are you using an iframe?) I also think this is not an issue in the Docker image, let's discuss it in healthchecks/healthchecks#326

It works now, I close it.