CSRF 403 error when trying to enable guest agent.

[oreillymj]

Since upgrading to the latest version of Webvirt cloud and associated django version, I see CSRF 403 errors when using the UI.
Specifically trying to enable the guest agent.

Looking at Chrome dev tools, I see a mis-match between the forms csrf token and the value in the csrf cookie.

I'm completely unable to login in a private window due to a 403.

When looking at dev tools, I see cookie set to
csrftoken=zhMVW2QdpvjMWGcW8umYb32sUYvlEu5z; token=3-5570c1d9-8da8-437e-84e4-fb5ce744b36e

but the csrftoken on the embedded form is ....

csrfmiddlewaretoken: 878NbOOzWhERjIK09BJGlZinBQ7zrxXyxeKyXGuCbCNt5eMM7VVumSaFlEsKVRSX

Not sure if that mismatch causes the 403

[catborise]

Could you be trying to reactivate a previously activated device? "Disconnected" typically means that guest tools are not installed on the operating system or the guest service is not running.

[oreillymj]

All was working before upgrading to latest github commit. supervisorctl shows 3 running services.
I should mention that I have upgrade from Ubuntu20.04LTS ->22.04LTS, got Webvirtcloud running and I'm now on the 24.04 beta. I had to re-run pip3 so I maybe on a newer Django release which has stricter CSRF protection.

https://docs.djangoproject.com/en/5.0/howto/csrf/

[whsir]

I'm having the same problem.
CSRF 403

[jbguo424]

Modify the settings.py like below
CSRF_TRUSTED_ORIGINS = ['http://localhost','http://your ip']