403 on POST requests
Steps to reproduce
Note that this does not seem to affect GET requests
- Log on to a server running on the develop branch (e.g. Demo/local development/tanukitunes)
- Try to upload a track (I've also had it occur when trying to create new libraries)
What happens?
A 403 "Access Denied" error is returned
What is expected?
A 200 "Success" message is returned
Context
Funkwhale version(s) affected: 0.21+git.d0e6cd40
Docker multi-container, nginx reverse proxy, Firefox and Chromium tested
Example headers being sent
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:8000/library/2cc080e5-9643-4d10-957b-aacfaaacf9e0/upload?import=2020-06-06T21%3A33%3A20%2B01%3A00
Authorization: undefined
Content-Type: multipart/form-data; boundary=---------------------------168303692229214573002433610235
Content-Length: 10808062
Origin: http://localhost:8000
Connection: keep-alive
Cookie: csrftoken=D7H89LqQZwGyK52fJ11A4JJGJi0vrMVPQFhUvTnA6XGiO8h3whqv3zx6cBqiMFOO; sessionid=dbm01thv7hb9viyvb1sy6tt90qooecl2
DNT: 1
Example logs from develop Docker
api_1 | 2020-06-06 19:49:07,751 django.request WARNING Forbidden: /api/v1/libraries/
api_1 | INFO: 172.19.0.7:57184 - "POST /api/v1/libraries/ HTTP/1.1" 403 Forbidden
nginx_1 | 172.18.0.1 - - [06/Jun/2020:19:49:07 +0000] "POST /api/v1/libraries/ HTTP/1.1" 403 58 "http://localhost:8000/content/libraries/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" "-"
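
An added triage example, not part of the original report and not Funkwhale code: it checks a captured request like the one above for two things visible in these headers, an Authorization value with no scheme and a session cookie sent on a non-safe method without an X-CSRFToken header. The cookie and header names are Django's defaults, the accepted-scheme set and the sample cookie values are assumptions, and the report does not establish that either finding is the cause of the 403.

```python
# Added triage example; names are Django defaults (CSRF_HEADER_NAME,
# SESSION_COOKIE_NAME) and may be renamed in a given deployment.
from http.cookies import SimpleCookie

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # Django skips CSRF checks on these
AUTH_SCHEMES = {"bearer", "token", "jwt", "basic"}  # assumption: schemes the API accepts

# Trimmed copy of the reported headers; cookie values are constructed placeholders.
SAMPLE = """
Host: localhost:8000
Authorization: undefined
Content-Type: multipart/form-data; boundary=example
Origin: http://localhost:8000
Cookie: csrftoken=EXAMPLE_CSRF; sessionid=EXAMPLE_SESSION
"""


def parse_headers(raw):
    """Turn 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def triage(method, raw_headers):
    """List request properties worth checking when an unsafe method gets a 403."""
    headers = parse_headers(raw_headers)
    cookies = SimpleCookie(headers.get("cookie", ""))
    findings = []
    auth = headers.get("authorization")
    if auth is not None:
        scheme, _, credentials = auth.partition(" ")
        # A literal "undefined" has no scheme/credential pair, so token-based
        # authenticators cannot use it and the session cookie is what remains.
        if scheme.lower() not in AUTH_SCHEMES or not credentials.strip():
            findings.append("malformed-authorization")
    if method.upper() in SAFE_METHODS:
        return findings
    # The token may instead travel in the form body as csrfmiddlewaretoken,
    # which a header capture cannot show; treat this as a lead, not a verdict.
    if "sessionid" in cookies and "x-csrftoken" not in headers:
        findings.append("session-cookie-without-csrf-header")
    return findings


if __name__ == "__main__":
    print(triage("POST", SAMPLE), triage("GET", SAMPLE))
```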