Recent changes to Crypt Server have included guards against cross-site request forgery (CSRF) attacks.
If you don’t have your Crypt Server configured correctly, you may run into issues when trying to view a secret (Get Key).
You can get an error like:
Forbidden (403) CSRF verification failed.
With DEBUG = True passed as an environment variable, you may see a little more detail, but not much that is helpful:
Origin checking failed - https://www.yourcryptserver.com does not match any trusted origins.
Despite the fact that you should be able to do so (based on the Crypt Server README), when I ran into this and tried adding CSRF_TRUSTED_ORIGINS = ['https://www.mycryptserver.com'] to the settings.py file before running the docker container, it didn’t seem to be recognized, and I still got a 403 forbidden error.
It wasn’t until I passed HOST_NAME as an environment variable in the docker run command that I stopped getting the 403 forbidden error relating to CSRF.
In the future, though, you may have to pass CSRF_TRUSTED_ORIGINS itself as an environment variable instead of passing HOST_NAME. More details are in this pull request.
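To see why the two settings interact the way they do, here is a small Python model of the origin check (an added example, not Crypt Server's or Django's own code): it derives a trusted-origin list from HOST_NAME the way the container setting would, or from an explicit CSRF_TRUSTED_ORIGINS variable, and compares a request's Origin against it. The comma-separated format for CSRF_TRUSTED_ORIGINS and the sample host names are assumptions.

```python
import os
from urllib.parse import urlsplit

# Assumption (not from the page): the container exposes its public host name
# in HOST_NAME, e.g. "www.mycryptserver.com", and an explicit
# CSRF_TRUSTED_ORIGINS variable would be a comma-separated list of origins.

def trusted_origins_from_env(env):
    """Build a CSRF_TRUSTED_ORIGINS-style list: prefer an explicit variable,
    otherwise derive a single https origin from HOST_NAME."""
    explicit = env.get("CSRF_TRUSTED_ORIGINS")
    if explicit:
        return [o.strip() for o in explicit.split(",") if o.strip()]
    host = env.get("HOST_NAME")
    if not host:
        return []  # nothing trusted: every cross-origin POST gets a 403
    return [f"https://{host}"]

def origin_is_trusted(origin, trusted):
    """Simplified model of the Django 4.x Origin check: scheme and host must
    match a trusted entry exactly, or a 'https://*.example.com' wildcard
    entry (which also covers the bare domain)."""
    parts = urlsplit(origin)
    if not parts.scheme or not parts.netloc:
        return False
    for entry in trusted:
        t = urlsplit(entry)
        if t.scheme != parts.scheme:
            continue  # http vs https is a mismatch, not a near miss
        if t.netloc == parts.netloc:
            return True
        if t.netloc.startswith("*."):
            suffix = t.netloc[1:]  # ".example.com"
            if parts.netloc == suffix[1:] or parts.netloc.endswith(suffix):
                return True
    return False

def check_request(origin, env):
    """Return the outcome a request would see, mirroring the 403 in the post."""
    trusted = trusted_origins_from_env(env)
    if origin_is_trusted(origin, trusted):
        return "OK"
    return f"Origin checking failed - {origin} does not match any trusted origins."

if __name__ == "__main__":
    # Constructed sample environments: the failing case (no HOST_NAME) and the fix.
    print(check_request("https://www.mycryptserver.com", {}))
    print(check_request("https://www.mycryptserver.com",
                        {"HOST_NAME": "www.mycryptserver.com"}))
```

Note that www.mycryptserver.com and mycryptserver.com are different origins, as are http and https, so the value in HOST_NAME must match what the browser actually sends.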
From the Docker markdown file in Crypt Server, you can also see an example of how that environment variable would look in the docker run command: