Thread: lot of "Bad request. The CSRF tokens do not match"
Hi all,
I am getting a lot of *Bad request. The CSRF tokens do not match.* with the following setup on Ubuntu 20.04...
apache 2.4.41-4ubuntu3
python 3.8.2
... and took the following steps...
- Used venv to create the virtual environment
- Installed pgadmin4.23 via pip inside the venv
- Made /data/pgadmin4, /data/.env/pgadmin and /var/log/pgadmin/pgadmin.log owned by pgadmin:pgadmin
- Placed my old config_local.py in the new venv.
- Ran the setup.py within the venv
My normal website is running, Apache is redirecting all HTTP traffic to HTTPS automatically, and I use Let's Encrypt.
I can log into pgAdmin if I reload the page or double-click on links within the app. After a lot of reloading and double-clicking links, I can send SQL commands to PostgreSQL and receive answers.
I guess there is something not working with how the Flask CSRF cookie structure works in combination with my configuration, but I am clueless at the moment.
I tried adding COOKIE configs inside config_local.py, but with the same result. I even disabled the Firefox config setting Upgrade-Insecure-Requests, but no change.
I tested in Firefox 78.0.1 (64-bit) and Chromium Version 83.0.4103.116 (Official Build) snap (64-bit) and both give this error.
Can pgAdmin4 run on Python 3.8 already?
regards,
Bastiaan
Apache error:
ERROR	flask.app:	400 Bad Request: The CSRF tokens do not match.
Traceback (most recent call last):
File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 256, in protect
validate_csrf(self._get_csrf_token())
File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 106, in validate_csrf
raise ValidationError('The CSRF tokens do not match.')
wtforms.validators.ValidationError: The CSRF tokens do not match.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask/app.py", line 1811, in full_dispatch_request
rv = self.preprocess_request()
File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask/app.py", line 2087, in preprocess_request
rv = func()
File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 224, in csrf_protect
self.protect()
File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 259, in protect
self._error_response(e.args[0])
File "/data/.envs/pgadmin/lib/python3.8/site-packages/flask_wtf/csrf.py", line 302, in _error_response
raise CSRFError(reason)
flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF tokens do not match.
config_local.py
LOG_FILE = '/var/log/pgadmin/pgadmin.log'
SQLITE_PATH = '/data/pgadmin4/pgadmin4.db'
SESSION_DB_PATH = '/data/pgadmin4/sessions'
STORAGE_DIR = '/data/pgadmin4/storage'
SERVER_MODE = True
ENHANCED_COOKIE_PROTECTION = False
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
REMEMBER_COOKIE_SECURE = True
REMEMBER_COOKIE_HTTPONLY = True
apache virtual env config:
<VirtualHost *:80>
    ServerName www.[DOMAINNAME]
    ServerAlias *.[DOMAINNAME]
    #DocumentRoot /var/www/[DOMAINNAME]/htdocs
    <Directory "/var/www/[DOMAINNAME]/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog /var/log/apache2/error.[DOMAINNAME].log
    Redirect permanent / https://www.[DOMAINNAME]/
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost *:443>
    # Let's Encrypt
    SSLCertificateFile /etc/letsencrypt/live/www.[DOMAINNAME]/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.[DOMAINNAME]/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    ServerName www.[DOMAINNAME]
    DocumentRoot /var/www/[DOMAINNAME]/htdocs
    ErrorLog /var/log/apache2/error.[DOMAINNAME].log
    # Normal website
    <Directory "/var/www/[DOMAINNAME]/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    # www.[DOMAINNAME]/db = pgadmin4 application
    WSGIDaemonProcess pgadmin user=pgadmin group=pgadmin processes=2 threads=5 python-home=/data/.envs/pgadmin
    WSGIScriptAlias /db /data/.envs/pgadmin/lib/python3.8/site-packages/pgadmin4/pgAdmin4.wsgi
    <Directory /data/.envs/pgadmin/lib/python3.8/site-packages/pgadmin4>
        WSGIProcessGroup pgadmin
        WSGIApplicationGroup %{GLOBAL}
        Require all granted
    </Directory>
</VirtualHost>
Hi
On Thu, Jul 9, 2020 at 9:06 AM bw <bwakkie@gmail.com> wrote:
Hi all, I am getting a lot of *Bad request. The CSRF tokens do not match.* with the following setup on Ubuntu 20.04...
...
WSGIDaemonProcess pgadmin user=pgadmin group=pgadmin processes=2 threads=5 python-home=/data/.envs/pgadmin
That line is likely your problem. Change processes to 1 (and maybe increase threads to 20 or more).
With multiple processes, you have multiple instances of the pgAdmin server running. Each will have its own connection pool, CSRF tokens, etc., so when a session starts on one process and then later makes a request that hits the second process, things will go kaboom.
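The failure mode Dave describes, as an added illustration that is not code from pgAdmin, Flask-WTF or anyone in this thread: two independent worker processes behind one URL, a session that obtains its CSRF token from one worker, and later requests spread round-robin across both. The per-process signing secret, the `Worker`/`RoundRobinWSGI` classes, the session id and the config excerpt are all constructed for this model; it does not claim to reproduce how pgAdmin itself keeps CSRF state. It also includes a small check that parses `WSGIDaemonProcess` directives out of an Apache config and flags any group with `processes` above 1, which is the setting the reply points at.

```python
"""Model of CSRF validation across several WSGI daemon processes.

Constructed illustration: each worker holds its own token-signing secret
(an assumption standing in for "each process has its own CSRF tokens").
Not pgAdmin's or Flask-WTF's code.
"""
import hashlib
import hmac
import itertools
import os
import re
from typing import Dict, List, Optional, Tuple


class Worker:
    """One WSGI process. Without a shared secret it mints its own."""

    def __init__(self, name: str, secret: Optional[bytes] = None):
        self.name = name
        self.secret = secret if secret is not None else os.urandom(32)

    def issue_token(self, session_id: str) -> str:
        # Token bound to the session via HMAC over the session id.
        return hmac.new(self.secret, session_id.encode(), hashlib.sha256).hexdigest()

    def validate(self, session_id: str, token: str) -> bool:
        expected = self.issue_token(session_id)
        return hmac.compare_digest(expected, token)


class RoundRobinWSGI:
    """Stands in for mod_wsgi spreading requests over `processes` workers."""

    def __init__(self, workers: List[Worker]):
        self._cycle = itertools.cycle(workers)

    def next_worker(self) -> Worker:
        return next(self._cycle)


def simulate(processes: int, shared_secret: Optional[bytes] = None,
             requests: int = 4) -> List[Tuple[str, bool]]:
    """One session gets a token on its first request and submits it on each
    of the next `requests` requests. Returns (worker name, token accepted?)."""
    workers = [Worker(f"proc{i}", shared_secret) for i in range(processes)]
    router = RoundRobinWSGI(workers)
    session_id = "sess-42"  # constructed session identifier
    token = router.next_worker().issue_token(session_id)
    results = []
    for _ in range(requests):
        w = router.next_worker()
        results.append((w.name, w.validate(session_id, token)))
    return results


WSGI_DAEMON_RE = re.compile(r"^\s*WSGIDaemonProcess\s+(\S+)\s*(.*)$", re.M)


def wsgi_daemon_options(apache_conf: str) -> Dict[str, Dict[str, str]]:
    """Parse every WSGIDaemonProcess directive into {group: {option: value}}."""
    out: Dict[str, Dict[str, str]] = {}
    for m in WSGI_DAEMON_RE.finditer(apache_conf):
        name, rest = m.group(1), m.group(2)
        out[name] = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return out


def multi_process_groups(apache_conf: str) -> List[str]:
    """Daemon groups configured with more than one process: candidates for
    exactly the cross-process token mismatch modelled above."""
    opts = wsgi_daemon_options(apache_conf)
    return [g for g, o in opts.items() if int(o.get("processes", "1")) > 1]


# Constructed excerpt mirroring the directive quoted in the thread.
SAMPLE_CONF = """
WSGIDaemonProcess pgadmin user=pgadmin group=pgadmin processes=2 threads=5 python-home=/data/.envs/pgadmin
WSGIScriptAlias /db /data/.envs/pgadmin/lib/python3.8/site-packages/pgadmin4/pgAdmin4.wsgi
"""

if __name__ == "__main__":
    print("processes=2, per-process secret:", simulate(2))
    print("processes=1:", simulate(1))
    print("processes=2, shared secret:", simulate(2, shared_secret=b"k" * 32))
    print("groups with processes>1:", multi_process_groups(SAMPLE_CONF))
```

With `processes=2` every other request lands on the worker that did not mint the token and is rejected, which matches the "works after enough reloads" symptom in the report; with `processes=1` every request validates. The third run shows the other way out of the problem in this model, a secret shared by all workers, which is a property of the model rather than a pgAdmin setting.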
Super thank you Dave. Solved.