I am running a Netbox instance, which uses Django. Inside of its parameters, I have to set CSRF_TRUSTED_ORIGINS to the origins I trust for Netbox to work properly.
The Netbox instance I use runs inside a Docker container (netbox-docker).
I have found out that if I write these as a list, like expected in the documentation (see here), I get a 403 error with the following description: CSRF verification failed. Request aborted. Activating debug mode also tells me this: Origin checking failed - https://myurl does not match any trusted origins., which I do not understand because my variable looks like this: CSRF_TRUSTED_ORIGINS=['https://172.23.0.5', 'https://myurl'].
If I set the variable as a simple string, I do not get any error: CSRF_TRUSTED_ORIGINS="https://myurl" works flawlessly for myurl (of course, it still blocks all the other URLs).
That worked for some time, but now I have to add a second domain name referencing my Netbox instance, so I would need to add "https://myurl2" to the trusted origins list. Since having a list does not work here, I do not really know how to proceed.
I have tried to change the way I assign its value to the variable:
CSRF_TRUSTED_ORIGINS="https://myurl","https://myurl2"CSRF_TRUSTED_ORIGINS="https://myurl" "https://myurl2"Those syntaxes just gave me syntax errors (for example, unexpected character "\"" in variable name).
My Netbox (running with Django) only accepts the CSRF_TRUSTED_ORIGINS variable as a string for it to work, while it is supposed to take a list according to its documentation. I need to set more than one trusted origin.
I have found the solution. It was a problem within the netbox-docker implementation. The env file where this parameter was defined actually needed the following format for the variable:
CSRF_TRUSTED_ORIGINS=https://myurl https://myurl2 (same I did try but without quotes).