| From: | Shakir Idrisi <shakir(at)webuzo(dot)com> |
|---|---|
| To: | Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com> |
| Cc: | "pgadmin-support lists(dot)postgresql(dot)org" <pgadmin-support(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path |
| Date: | 2025-08-04 11:04:02 |
| Message-ID: | CAKZfs-rhhGwQ7-6J1AVnf7-_EikSnheEGkcjiNWgkO8oqnuFRg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-support |
Hi,
I’ve tried the suggested changes, but I’m still encountering the same issue
— a blank page appears after logging in over HTTPS.
As a workaround, I modified the config_local.py file and set:
*WTF_CSRF_CHECK_DEFAULT = False*
With this change, pgAdmin works correctly on HTTPS. However, I understand
that disabling CSRF protection is not recommended in a production
environment, so I’m looking for a more secure solution.
Here’s a snippet of my current *config_local.py* for reference:
DATA_DIR = '/var/lib/pgadmin4'
SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
STORAGE_DIR = '/var/lib/pgadmin4/storage'
AZURE_CREDENTIAL_CACHE_DIR = '/var/lib/pgadmin4/azurecredentialcache'
KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
SCRIPT_NAME = '/pgadmin4'
LOG_LEVEL = 'DEBUG'
CONSOLE_LOG_LEVEL = 50 # INFO = 20, WARNING = 30, ERROR = 40, CRITICAL = 50
FILE_LOG_LEVEL = 20
LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'
Could you please help me identify the correct settings to securely enable
CSRF protection while ensuring pgAdmin functions properly over both HTTP
and HTTPS under /pgadmin4?
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yogesh Mahajan | 2025-08-05 04:22:26 | Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path |
| Previous Message | Yogesh Mahajan | 2025-08-04 10:55:33 | Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path |