I accidentally set in the gui under settings > miscellaneous system > CSRF Trusted Origins List a wild card ‘*’ now my controller goes in a error loop with the error below.
I know I can fix this with the following code to overwrite whats I did.
However If I ever remove this part it will go back to the old CSRF that i set and go into a crash loop again. Does anyone know where this is stored? is it in the db ? can I change this easily without having to use the value on my yaml?
AWX version: AWX 22.5.0
Include relevant logs from the issue
System check identified some issues:\\n\\nERRORS:\\n?: (4_0.E001) As of Django 4.0, the values in the CSRF_TRUSTED_ORIGINS setting must start with a scheme (usually http:// or https://) but found *. See the release notes for details.\\n\", \"stderr_lines\": [\"SystemCheckError: System check identified some issues:\", \"\", \"ERRORS:\", \"?: (4_0.E001) As of Django 4.0, the values in the CSRF_TRUSTED_ORIGINS setting must start with a scheme (usually http:// or https://) but found *. See the release notes for details
Hi, AFAIK all settings that changed through GUI are stored on the DB.
$ kubectl -n awx exec -it awx-postgres-13-0 -- psql -U awx -c "select * from conf_setting where key = 'CSRF_TRUSTED_ORIGINS';"
id | created | modified | key | value | user_id
----+-------------------------------+-------------------------------+----------------------+-------+---------
9 | 2024-05-11 14:30:59.853558+00 | 2024-05-11 14:30:59.853566+00 | CSRF_TRUSTED_ORIGINS | ["*"] |
(1 row)
I don’t know if there is a better way, but I believe it is possible to update it directly in SQL. Please make sure you back the DB up before you try this.
$ kubectl -n awx exec -it awx-postgres-13-0 -- psql -U awx -c "update conf_setting set value = '[]' where key = 'CSRF_TRUSTED_ORIGINS';"
UPDATE 1
$ kubectl -n awx exec -it awx-postgres-13-0 -- psql -U awx -c "select * from conf_setting where key = 'CSRF_TRUSTED_ORIGINS';"
id | created | modified | key | value | user_id
----+-------------------------------+-------------------------------+----------------------+-------+---------
9 | 2024-05-11 14:30:59.853558+00 | 2024-05-11 14:30:59.853566+00 | CSRF_TRUSTED_ORIGINS | [] |
(1 row)
BTW, some validations are improved in newer AWX so that CSRF Trusted Origins can’t be updated with any values that don’t contain a schema. Please consider upgrading
Something I learn recently. If u want to bring up a debug pod and be able to do ‘awx-manage shell_plus’ u can use kubectl debug | Kubernetes
So ‘kubectl debug awx-task -c awx-task’ will start up duplicate debug pod
U can even run it as root and install debugger and whatnot than start awx with launch_awx_<task/web> and u will have a functional awx with proper debuggers
