From: Yogesh Mahajan
Date: Tue, 5 Aug 2025 09:52:26 +0530
Subject: Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path
To: Shakir Idrisi
Cc: "pgadmin-support lists.postgresql.org"

Hi,

I have already provided the nginx configuration. Have you tried it?
The issue is clearly with the Nginx config.

Thanks,
Yogesh Mahajan
EnterpriseDB

On Mon, Aug 4, 2025 at 4:34 PM Shakir Idrisi wrote:

> Hi,
> I’ve tried the suggested changes, but I’m still encountering the same
> issue — a blank page appears after logging in over HTTPS.
>
> As a workaround, I modified the config_local.py file and set:
> *WTF_CSRF_CHECK_DEFAULT = False*
>
> With this change, pgAdmin works correctly on HTTPS. However, I understand
> that disabling CSRF protection is not recommended in a production
> environment, so I’m looking for a more secure solution.
>
> Here’s a snippet of my current *config_local.py* for reference:
>
> DATA_DIR = '/var/lib/pgadmin4'
> SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
> SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
> STORAGE_DIR = '/var/lib/pgadmin4/storage'
> AZURE_CREDENTIAL_CACHE_DIR = '/var/lib/pgadmin4/azurecredentialcache'
> KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
>
> SCRIPT_NAME = '/pgadmin4'
>
> LOG_LEVEL = 'DEBUG'
> CONSOLE_LOG_LEVEL = 50  # INFO = 20, WARNING = 30, ERROR = 40, CRITICAL = 50
> FILE_LOG_LEVEL = 20
> LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'
>
> Could you please help me identify the correct settings to securely enable
> CSRF protection while ensuring pgAdmin functions properly over both HTTP
> and HTTPS under /pgadmin4?
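For reference, an added example that is not part of this thread and is not the configuration Yogesh refers to: a reverse-proxy block in the shape pgAdmin's documentation describes for hosting under a subdirectory, which forwards the original scheme, host and path prefix to the application. The host name, certificate paths and backend address 127.0.0.1:5050 are assumed placeholders.

```nginx
# Added example. Host name, certificate paths and the backend
# address are placeholders; adjust them to the actual deployment.
server {
    listen 80;
    listen 443 ssl;
    server_name pgadmin.example.test;                    # placeholder

    ssl_certificate     /etc/nginx/tls/placeholder.crt;  # placeholder
    ssl_certificate_key /etc/nginx/tls/placeholder.key;  # placeholder

    location /pgadmin4/ {
        # URL prefix the application is published under, so that the
        # links, redirects and cookie paths it generates include /pgadmin4.
        proxy_set_header X-Script-Name /pgadmin4;

        # Scheme the browser actually used (http or https). Without it
        # the backend only sees the plain-HTTP hop from nginx.
        proxy_set_header X-Scheme $scheme;

        # Host the browser used, rather than the backend address.
        proxy_set_header Host $host;

        # The trailing slash replaces the matched /pgadmin4/ prefix
        # with / before the request is forwarded to the backend.
        proxy_pass http://127.0.0.1:5050/;
        proxy_redirect off;
    }
}
```

After reloading nginx with a block of this shape, the `WTF_CSRF_CHECK_DEFAULT = False` line can be removed from config_local.py and the HTTPS login retested with CSRF checking left on.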