GitHub user dosubot[bot] added a comment to the discussion: Log in issues - log in page just reloads. May be CSRF issue
Hi @oleksii-revutskyi! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team.

This issue is often caused by proxy or cookie misconfiguration when running Superset behind a proxy or in Docker. Here are the most relevant things to check:

- Make sure you have `ENABLE_PROXY_FIX = True` in your Superset config. This is crucial for correct CSRF and session handling behind a proxy or load balancer, as it ensures Superset interprets X-Forwarded headers properly [(source)](https://github.com/apache/superset/discussions/31584).
- Set `SESSION_COOKIE_SECURE = True` if you are using HTTPS everywhere, or `False` if you are only using HTTP internally. If this is set incorrectly, cookies (including CSRF tokens) may not be sent or accepted by the browser [(source)](https://github.com/apache/superset/discussions/31584).
- Double-check your browser and proxy settings for cookie handling, especially SameSite and Secure flags. If your proxy terminates SSL, make sure it forwards the correct headers and doesn't strip cookies.
- If you want to disable CSRF for testing, ensure `WTF_CSRF_ENABLED = False` is set in the correct config file and is actually being picked up by the running container. Sometimes config changes are not picked up due to Docker caching or mounting issues [(source)](https://github.com/apache/superset/blob/a1cbd2578e24ed6c72024e1d1cf195846ace05d7/superset/config.py).
- If you want to troubleshoot further, you can obtain the CSRF token programmatically using Superset’s API endpoint (search for "csrf" in the API docs) to see if the token is being generated and sent correctly [(source)](https://github.com/apache/superset/issues/32315).

If you’re still seeing the issue after these checks, please share your Superset config (with secrets redacted) and details about your proxy setup.

GitHub link: https://github.com/apache/superset/discussions/33893#discussioncomment-13566926
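The cookie checks listed in the comment above can be run against the `Set-Cookie` headers the login response actually returns. The following is an added example, not part of the original comment or of Superset's code: it assumes Flask's default cookie name `session`, and the function names, finding codes and sample headers are constructed for illustration.

```python
# Added example. Cookie name "session" is Flask's default and is assumed here;
# the Set-Cookie values in SAMPLES are constructed, not captured from a real server.
EXPLAIN = {
    "secure-over-http": "Secure cookie on an http:// page is rejected by the browser; "
                        "serve HTTPS or set SESSION_COOKIE_SECURE = False",
    "samesite-none-without-secure": "SameSite=None without Secure is rejected by current browsers",
    "missing-secure-on-https": "HTTPS page but cookie lacks Secure; set SESSION_COOKIE_SECURE = True",
    "no-session-cookie": "no session cookie reached the client; check the proxy is not stripping Set-Cookie",
}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs), attribute names lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def diagnose(browser_scheme, set_cookie_headers, cookie_name="session"):
    """Return finding codes for the session cookie as seen from the browser's scheme."""
    findings, seen = [], False
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        seen = True
        secure = "secure" in attrs
        if secure and browser_scheme == "http":
            findings.append("secure-over-http")
        if attrs.get("samesite", "").lower() == "none" and not secure:
            findings.append("samesite-none-without-secure")
        if not secure and browser_scheme == "https":
            findings.append("missing-secure-on-https")
    return findings if seen else ["no-session-cookie"]

SAMPLES = {  # scheme the browser uses -> constructed Set-Cookie headers
    "http": ["session=abc123; Secure; HttpOnly; Path=/; SameSite=Lax"],
    "https": ["session=abc123; HttpOnly; Path=/; SameSite=None"],
}

if __name__ == "__main__":
    for scheme, headers in SAMPLES.items():
        for code in diagnose(scheme, headers):
            print(f"{scheme}: {code}: {EXPLAIN[code]}")
```

Pass the scheme shown in the browser's address bar, not the scheme the proxy uses to reach Superset, since the browser's view decides whether the cookie is kept.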
