From: Shakir Idrisi
Date: Mon, 4 Aug 2025 16:34:02 +0530
Subject: Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path
To: Yogesh Mahajan
Cc: "pgadmin-support lists.postgresql.org"

Hi,

I’ve tried the suggested changes, but I’m still encountering the same issue — a blank page appears after logging in over HTTPS.

As a workaround, I modified the config_local.py file and set:

*WTF_CSRF_CHECK_DEFAULT = False*

With this change, pgAdmin works correctly on HTTPS. However, I understand that disabling CSRF protection is not recommended in a production environment, so I’m looking for a more secure solution.

Here’s a snippet of my current *config_local.py* for reference:

DATA_DIR = '/var/lib/pgadmin4'
SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
STORAGE_DIR = '/var/lib/pgadmin4/storage'
AZURE_CREDENTIAL_CACHE_DIR = '/var/lib/pgadmin4/azurecredentialcache'
KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
SCRIPT_NAME = '/pgadmin4'

LOG_LEVEL = 'DEBUG'
CONSOLE_LOG_LEVEL = 50  # INFO = 20, WARNING = 30, ERROR = 40, CRITICAL = 50
FILE_LOG_LEVEL = 20
LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'

Could you please help me identify the correct settings to securely enable CSRF protection while ensuring pgAdmin functions properly over both HTTP and HTTPS under /pgadmin4?