Set incorrect value for CSRF_TRUSTED_ORIGINS

I accidentally set in the gui under settings > miscellaneous system > CSRF Trusted Origins List a wild card ‘*’ now my controller goes in a error loop with the error below.

I know I can fix this with the following code to overwrite whats I did.

  extra_settings:
    - setting: CSRF_TRUSTED_ORIGINS
      value:
        - https://dnsawx.com

However If I ever remove this part it will go back to the old CSRF that i set and go into a crash loop again. Does anyone know where this is stored? is it in the db ? can I change this easily without having to use the value on my yaml?

AWX version: AWX 22.5.0

  • Include relevant logs from the issue
System check identified some issues:\\n\\nERRORS:\\n?: (4_0.E001) As of Django 4.0, the values in the CSRF_TRUSTED_ORIGINS setting must start with a scheme (usually http:// or https://) but found *. See the release notes for details.\\n\", \"stderr_lines\": [\"SystemCheckError: System check identified some issues:\", \"\", \"ERRORS:\", \"?: (4_0.E001) As of Django 4.0, the values in the CSRF_TRUSTED_ORIGINS setting must start with a scheme (usually http:// or https://) but found *. See the release notes for details

Hi, AFAIK all settings that changed through GUI are stored on the DB.

$ kubectl -n awx exec -it awx-postgres-13-0 -- psql -U awx -c "select * from conf_setting where key = 'CSRF_TRUSTED_ORIGINS';"
 id |            created            |           modified            |         key          | value | user_id 
----+-------------------------------+-------------------------------+----------------------+-------+---------
  9 | 2024-05-11 14:30:59.853558+00 | 2024-05-11 14:30:59.853566+00 | CSRF_TRUSTED_ORIGINS | ["*"] |        
(1 row)

I don’t know if there is a better way, but I believe it is possible to update it directly in SQL. Please make sure you back the DB up before you try this.

$ kubectl -n awx exec -it awx-postgres-13-0 -- psql -U awx -c "update conf_setting set value = '[]' where key = 'CSRF_TRUSTED_ORIGINS';"
UPDATE 1

$ kubectl -n awx exec -it awx-postgres-13-0 -- psql -U awx -c "select * from conf_setting where key = 'CSRF_TRUSTED_ORIGINS';"
 id |            created            |           modified            |         key          | value | user_id 
----+-------------------------------+-------------------------------+----------------------+-------+---------
  9 | 2024-05-11 14:30:59.853558+00 | 2024-05-11 14:30:59.853566+00 | CSRF_TRUSTED_ORIGINS | []    |        
(1 row)

BTW, some validations are improved in newer AWX so that CSRF Trusted Origins can’t be updated with any values that don’t contain a schema. Please consider upgrading :smiley:

2 Likes

Something I learn recently. If u want to bring up a debug pod and be able to do ‘awx-manage shell_plus’ u can use kubectl debug | Kubernetes

So ‘kubectl debug awx-task -c awx-task’ will start up duplicate debug pod

U can even run it as root and install debugger and whatnot than start awx with launch_awx_<task/web> and u will have a functional awx with proper debuggers :wink:

4 Likes

I will give that a try ty!

We will upgrade hopefully after fixing this. My fear is that the upgrade will break due to this and leave our deployment in a bad state.