Problem: Storage Service with HTTPS - Forbidden (403) CSRF verification failed.

[jens-st]

Expected behaviour
Successful login with correct credentials.

Current behaviour

Login fails with Forbidden (403) CSRF verification failed. Request aborted.

Steps to reproduce

• Using steps/templates described in Configure Archivematica with SSL.
• Try logging into storage service.

Your environment (version of Archivematica, operating system, other relevant details)

• Archivematica v1.17.0
• Storage Service v0.23.0
• Ubuntu Server 22.04.5 LTS

Workaround for now

• set CSRF_TRUSTED_ORIGINS=https://HOSTNAME:PORT in /etc/defaults/archivematica-storage-service
  • https://github.com/artefactual/archivematica-storage-service/blob/v0.23.0/install/README.md
• restart storage service

My question

• What I do not know: Is this workaround really a good solution or just masking the real issue with django & the login form (using HTTPS)?
• The workaround is not necessary for using HTTPS with the dashboard.

---

For Artefactual use:

Before you close this issue, you must check off the following:

• All pull requests related to this issue are properly linked
• All pull requests related to this issue have been merged
• A testing plan for this issue has been implemented and passed (testing plan information should be included in the issue body or comments)
• Documentation regarding this issue has been written and merged (if applicable)
• Details about this issue have been added to the release notes (if applicable)