[Lava-users] lava-server login error

Zoran S zoran.stojsavljevic.de at gmail.com
Mon Aug 6 08:40:00 UTC 2018


Please, try this:
CSRF protection

In case of CSRF errors when logging in Lava, read this
<https://staging.validation.linaro.org/static/docs/v2/installing_on_debian.html#django-localhost>
.

Set *CSRF_COOKIE_SECURE* and *SESSION_COOKIE_SECURE* to *false* in Lava
server settings:

sudo vi /etc/lava-server/settings.conf

Restart Lava *gunicorn* server:

sudo service lava-server-gunicorn restart

_______

Hope this helps!

Zoran

On Mon, Aug 6, 2018 at 7:55 AM, ljh_dev <ljh_dev at 126.com> wrote:

> Added a little from previous email ,resend:
> I might not say it clearly, let me repeat it again.
> According to lava installation document ,I had installed lava-server to
> debian 9.5.0.Creating super user operation is ok(by command: sudo
> lava-server manage createsuperuser --username $USERNAME --email=$EMAIL, and
> username and passwd are both simple )  .
> Accessing main page is ok. When enter Sign in page,  input just registered
> username and password to login then the firefox browser displayed err page:
> "
> You are seeing this message because this site requires a CSRF cookie when
> submitting forms. This cookie is required for security reasons, to ensure
> that your browser is not being hijacked by third parties.
> If you have configured your browser to disable cookies, please re-enable
> them, at least for this site, or for 'same-origin' requests.
> "
> I had added following lines in etc/lava-server/settings.conf:
> "CSRF_COOKIE_SECURE": false,
> "SESSION_COOKIE_SECURE": false
>
> And reboot computer and login again, the err is still so. Trying
> disable/enable cookies  is still so. At another computer I used chrome
> browser remote access nava-server,it is still the same err.
>
> I just did some login experiments again,all error same as before.  I find
> when intentional input  a err username that does not exist,it return same
> error page(Is the new user not successfully established?).
> I add a new user by using both methods and both return ok:
> method 1.
>     first:
> sudo lava-server manage users add <username> --passwd <password>
> then:
> sudo lava-server manage authorize_superuser --username {username}
> //the {username } is created by previous line command,command return for
> example: User u1 granted superuser rights
> method 2.
>       sudo lava-server manage createsuperuser --username $USERNAME
> --email=$EMAIL
>
>
>
> At 2018-08-06 13:40:01, "ljh_dev" <ljh_dev at 126.com> wrote:
>
> I might not say it clearly, let me repeat it again.
> According to lava installation document ,I had installed lava-server to
> debian 9.5.0.Creating super user operation is ok(by command: sudo
> lava-server manage createsuperuser --username $USERNAME --email=$EMAIL, and
> username and passwd are both simple )  .
> Accessing main page is ok. When enter Sign in page,  input just registered
> username and password to login then the firefox browser displayed err page:
> "
> You are seeing this message because this site requires a CSRF cookie when
> submitting forms. This cookie is required for security reasons, to ensure
> that your browser is not being hijacked by third parties.
> If you have configured your browser to disable cookies, please re-enable
> them, at least for this site, or for 'same-origin' requests.
> "
> I had added following lines in etc/lava-server/settings.conf:
> "CSRF_COOKIE_SECURE": false,
> "SESSION_COOKIE_SECURE": false
>
> And reboot computer and login again, the err is still so. Trying
> disable/enable cookies  is still so. At another computer I used chrome
> browser remote access nava-server,it is still the same err.
>
> I just did some login experiments again,all error same as before.  I find
> when intentional input  a err username that does not exist,it return same
> error page(Is the new user not successfully established?).
> I add a new user by using both methods and both return ok:
> method1.
>     first:
> sudo lava-server manage users add <username> --passwd <password>
> then:
> sudo lava-server manage authorize_superuser --username {username} //the
> {username } is created by previous line command,command return for example:
> User u1 granted superuser rights
>
>
>
>
>
>
>
> 在 2018-08-03 17:16:43,"Neil Williams" <neil.williams at linaro.org> 写道:
>
> On Fri, 3 Aug 2018 at 10:11, ljh_dev <ljh_dev at 126.com> wrote:
>
>> Hi,
>> According to lava installation document ,I had installed lava-server to
>> debian 9.5.0.Creating super user operation is ok(sudo lava-server manage
>> createsuperuser --username $USERNAME --email=$EMAIL)  . But when using
>> firefox browser to login in by created name , response message:
>>   --
>>     SRF verification failed. Request aborted.
>>
>
> This is covered in the documentation: https://validation.linaro.org/
> static/docs/v2/installing_on_debian.html#using-localhost-
> or-non-https-instance-url
>
> If you are setting up an instance to be used by others, you should set up
> https:// support - if this is just localhost, you need to tell Django to
> accept http usage.
>
>
>
>> You are seeing this message because this site requires a CSRF cookie when
>> submitting forms. This cookie is required for security reasons, to ensure
>> that your browser is not being hijacked by third parties.
>> If you have configured your browser to disable cookies, please re-enable
>> them, at least for this site, or for 'same-origin' requests.
>>  --
>> After configured browser to disable cookies,the response is still so.
>>
>> Jiang Lao
>>
>>
>>
>>
>>
>> _______________________________________________
>> Lava-users mailing list
>> Lava-users at lists.linaro.org
>> https://lists.linaro.org/mailman/listinfo/lava-users
>>
>
>
> --
>
> Neil Williams
> =============
> neil.williams at linaro.org
> http://www.linux.codehelp.co.uk/
>
>
>
>
>
>
>
> 【网易自营|30天无忧退货】爱上书写:施华洛世奇制造商星空原色水晶笔,限时仅29元>>
> <http://you.163.com/item/detail?id=1092001&from=web_gg_mail_jiaobiao_7>
>
>
> _______________________________________________
> Lava-users mailing list
> Lava-users at lists.linaro.org
> https://lists.linaro.org/mailman/listinfo/lava-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linaro.org/pipermail/lava-users/attachments/20180806/9c46dc39/attachment.html>


More information about the Lava-users mailing list