Hi all,

I am getting a lot of *Bad request. The CSRF tokens do not match.* with the
following setup on Ubuntu 20.04...
apache 2.4.41-4ubuntu3
python 3.8.2
... and took the following steps...

   1. Used venv to create the virtual environment
   2. Installed pgadmin4.23 via pip inside the venv
   3. Made /data/pgadmin4, /data/.env/pgadmin and
   /var/log/pgadmin/pgadmin.log owned by pgadmin:pgadmin
   4. Placed my old config_local.py in the new venv.
   5. Ran the setup.py within the venv

My normal website is running, and apache is redirecting all http traffic to
https automatically and uses letsencrypt.
I can log into pgadmin if I reload the page or double click on links within
the app. After a lot of reloading and double clicking links I can send sql
commands to postgresql and receive answers.
I guess there is something not working with how the Flask CSRF cookie
structure works in combination with my configuration but am clueless at the
moment.
I tried adding COOKIE configs inside config_local.py but with the same
result. Even disabled the firefox config setting Upgrade-Insecure-Requests
but no change.
I tested in Firefox 78.0.1 (64-bit) and Chromium Version 83.0.4103.116
(Official Build) snap (64-bit) and both give this error.

Can pgAdmin4 run in Python 3.8 already?

regards,
             Bastiaan

Apache error:
ERROR\tflask.app:\t400 Bad Request: The CSRF tokens do not match.
Traceback (most recent call last):
  File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 256, in protect
    validate_csrf(self._get_csrf_token())
  File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 106, in validate_csrf
    raise ValidationError('The CSRF tokens do not match.')
wtforms.validators.ValidationError: The CSRF tokens do not match.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask/app.py", line 1811, in full_dispatch_request
    rv = self.preprocess_request()
  File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask/app.py", line 2087, in preprocess_request
    rv = func()
  File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 224, in csrf_protect
    self.protect()
  File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 259, in protect
    self._error_response(e.args[0])
  File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 302, in _error_response
    raise CSRFError(reason)
flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF tokens do not match.


config_local.py

LOG_FILE = '/var/log/pgadmin/pgadmin.log'
SQLITE_PATH = '/data/pgadmin4/pgadmin4.db'
SESSION_DB_PATH = '/data/pgadmin4/sessions'
STORAGE_DIR = '/data/pgadmin4/storage'
SERVER_MODE = True
ENHANCED_COOKIE_PROTECTION = False
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
REMEMBER_COOKIE_SECURE = True
REMEMBER_COOKIE_HTTPONLY = True

apache virtual env config:

<VirtualHost *:80>
  ServerName www.[DOMAINNAME]
  ServerAlias *.[DOMAINNAME]

  #DocumentRoot /var/www/[DOMAINNAME]/htdocs

  <Directory "/var/www/[DOMAINNAME]/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
  ErrorLog /var/log/apache2/error.[DOMAINNAME].log

  Redirect permanent / https://www.[DOMAINNAME]/

  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>


<VirtualHost *:443>
  # Let's encrypt
  SSLCertificateFile /etc/letsencrypt/live/www.[DOMAINNAME]/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.[DOMAINNAME]/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf

  ServerName www.[DOMAINNAME]
  DocumentRoot /var/www/[DOMAINNAME]/htdocs
  ErrorLog /var/log/apache2/error.[DOMAINNAME].log

  # Normal website
  <Directory "/var/www/[DOMAINNAME]/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  # www.[DOMAINNAME]/db = pgadmin4 application
  WSGIDaemonProcess pgadmin user=pgadmin group=pgadmin processes=2 threads=5 python-home=/data/.envs/pgadmin
  WSGIScriptAlias /db /data/.envs/pgadmin/lib/python3.8/site-packages/pgadmin4/pgAdmin4.wsgi
  <Directory /data/.envs/pgadmin/lib/python3.8/site-packages/pgadmin4>
    WSGIProcessGroup pgadmin
    WSGIApplicationGroup %{GLOBAL}
    Require all granted
  </Directory>
</VirtualHost>
