CSRF verification failed logging into the admin panel #1201

@ElectricCy

Server

  • Cloud (https://app.khoj.dev)
  • Self-Hosted Docker
  • Self-Hosted Python package
  • Self-Hosted source code

Clients

  • Web browser
  • Desktop/mobile app
  • Obsidian
  • Emacs
  • WhatsApp

OS

  • Windows
  • macOS
  • Linux
  • Android
  • iOS

Khoj version

latest and pre (1.42.6.dev11)

Describe the bug

I'm running into the CSRF error when logging into the admin panel. I am self-hosting and have reviewed the other reports of this issue, and my issue is still not resolved.

I have accessed the admin panel through localhost and my host IP and get the same issue. I have tried other browsers as well.

I have tested this both on the latest and pre versions of KHOJ.

Thanks for your help!

Current Behavior

Image

Expected Behavior

I expect the page to bring me to the admin page settings page upon successful login.

Reproduction Steps

I can reproduce this issue by simply trying to log in to the admin panel with the proper credentials.

Possible Workaround

No response

Additional Information

Here is my .yml I have set up:

services:
  database:
    image: docker.io/pgvector/pgvector:pg15
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: postgres
    volumes:
      - khoj_db:/var/lib/postgresql/data/
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 30s
      timeout: 10s
      retries: 5
  sandbox:
    image: ghcr.io/khoj-ai/terrarium:latest
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 2
  search:
    image: docker.io/searxng/searxng:latest
    volumes:
      - khoj_search:/etc/searxng
    environment:
      - SEARXNG_BASE_URL=http://localhost:8080/
  # Creates Computer for Khoj to use.
  # Set KHOJ_OPERATOR_ENABLED=True in the server service environment variable to enable.
  computer:
    container_name: khoj-computer
    image: ghcr.io/khoj-ai/khoj-computer:latest
    # build:
    #   context: .
    #   dockerfile: computer.Dockerfile
    ports:
      - "5900:5900"
    volumes:
      - khoj_computer:/home/operator
  server:
    depends_on:
      database:
        condition: service_healthy
    # Use the following line to use the latest version of khoj. Otherwise, it will build from source. Set this to ghcr.io/khoj-ai/khoj-cloud:latest if you want to use the prod image.
    image: ghcr.io/khoj-ai/khoj:pre
    # Uncomment the following line to build from source. This will take a few minutes. Comment the next two lines out if you want to use the official image.
    # build:
      # context: .
    ports:
      # If changing the local port (left hand side), no other changes required.
      # If changing the remote port (right hand side),
      #   change the port in the args in the build section,
      #   as well as the port in the command section to match
      - "42110:42110"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    working_dir: /app
    volumes:
      - khoj_config:/root/.khoj/
      - khoj_models:/root/.cache/torch/sentence_transformers
      - khoj_models:/root/.cache/huggingface
      # uncomment line below to mount docker socket to allow khoj to use its computer.
      # - /var/run/docker.sock:/var/run/docker.sock
    # Use 0.0.0.0 to explicitly set the host ip for the service on the container. https://pythonspeed.com/articles/docker-connection-refused/
    environment:
      - POSTGRES_DB=postgres
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
      - POSTGRES_HOST=database
      - POSTGRES_PORT=5432
      - KHOJ_DJANGO_SECRET_KEY=***
      - KHOJ_DEBUG=True
      - KHOJ_ADMIN_EMAIL=***
      - KHOJ_ADMIN_PASSWORD=***
      # Default URL of Terrarium, the default Python sandbox used by Khoj to run code. Its container is specified above
      - KHOJ_TERRARIUM_URL=http://sandbox:8080
      # Uncomment line below to have Khoj run code in remote E2B code sandbox instead of the self-hosted Terrarium sandbox above. Get your E2B API key from https://e2b.dev/.
      # - E2B_API_KEY=your_e2b_api_key
      # Default URL of SearxNG, the default web search engine used by Khoj. Its container is specified above
      - KHOJ_SEARXNG_URL=http://search:8080
      # Uncomment line below to use with Ollama running on your local machine at localhost:11434.
      # Change URL to use with other OpenAI API compatible providers like VLLM, LMStudio etc.
      - OPENAI_BASE_URL=https://openrouter.ai/api/v1
      #
      # Uncomment appropriate lines below to use chat models by OpenAI, Anthropic, Google.
      # Ensure you set your provider specific API keys.
      # ---
      - OPENAI_API_KEY=***
      # - GEMINI_API_KEY=your_gemini_api_key
      # - ANTHROPIC_API_KEY=your_anthropic_api_key
      #
      # Uncomment line below to enable Khoj to use its computer.
      # - KHOJ_OPERATOR_ENABLED=True
      # Uncomment appropriate lines below to enable web results with Khoj
      # Ensure you set your provider specific API keys.
      # ---
      # Free, Slower API. Does both web search and webpage read. Get API key from https://jina.ai/
      # - JINA_API_KEY=your_jina_api_key
      # Paid, Fast API. Only does web search. Get API key from https://serper.dev/
      # - SERPER_DEV_API_KEY=your_serper_dev_api_key
      # Paid, Fast, Open API. Only does webpage read. Get API key from https://firecrawl.dev/
      # - FIRECRAWL_API_KEY=your_firecrawl_api_key
      # Paid, Fast, Higher Read Success API. Only does webpage read. Get API key from https://olostep.com/
      # - OLOSTEP_API_KEY=your_olostep_api_key
      #
      # Uncomment the necessary lines below to make your instance publicly accessible.
      # Proceed with caution, especially if you are using anonymous mode.
      # ---
      - KHOJ_NO_HTTPS=True
      # Replace the KHOJ_DOMAIN with the server's externally accessible domain or I.P address from a remote machine (no http/https prefix).
      # Ensure this is set correctly to avoid CSRF trusted origin or unset cookie issue when trying to access the admin panel.
      - KHOJ_DOMAIN=***
      - RESEND_API_KEY=***
      - RESEND_EMAIL=***
      # - KHOJ_DOMAIN=khoj.example.com
      # Replace the KHOJ_ALLOWED_DOMAIN with the server's internally accessible domain or I.P address on the host machine (no http/https prefix).
      # Only set if using a load balancer/reverse_proxy in front of your Khoj server. If unset, it defaults to KHOJ_DOMAIN.
      # For example, if the load balancer service is added to the khoj docker network, set KHOJ_ALLOWED_DOMAIN to khoj's docker service name: `server`.
      # - KHOJ_ALLOWED_DOMAIN=server
      - KHOJ_ALLOWED_DOMAIN=192.168.12.176
      # Uncomment the line below to disable telemetry.
      # Telemetry helps us prioritize feature development and understand how people are using Khoj
      # Read more at https://docs.khoj.dev/miscellaneous/telemetry
      # - KHOJ_TELEMETRY_DISABLE=True
    # Comment out this line when you're using the official ghcr.io/khoj-ai/khoj-cloud:latest prod image.
    command: --host="0.0.0.0" --port=42110 -vv --non-interactive

volumes:
  khoj_config:
  khoj_db:
  khoj_models:
  khoj_search:
  khoj_computer:

Link to Discord or Github discussion

No response
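
The compose comments above tie admin login failures to a "CSRF trusted origin" mismatch. As an added example (not part of the issue and not Khoj's code), this sketch reimplements the order of Django's `Origin` header check so a self-hoster can see which access paths pass. The trusted-origin lists and proxy scenarios are constructed, and how Khoj derives its trusted origins from `KHOJ_DOMAIN` is an assumption not shown on this page.

```python
from urllib.parse import urlsplit

def is_same_domain(host, pattern):
    """Django's rule: ".example.com" matches example.com and any subdomain."""
    pattern = pattern.lower()
    return bool(pattern) and (
        pattern[0] == "." and (host.endswith(pattern) or host == pattern[1:])
        or pattern == host
    )

def origin_verified(origin, host_header, backend_sees_https, trusted_origins):
    """Return (ok, reason), following the order of Django's Origin check."""
    scheme = "https" if backend_sees_https else "http"
    # 1. Same origin: scheme and Host as the backend sees them, port included.
    if origin == f"{scheme}://{host_header}":
        return True, "same-origin"
    # 2. Exact string match against trusted origins that have no wildcard.
    if origin in [t for t in trusted_origins if "*" not in t]:
        return True, "exact trusted origin"
    # 3. Wildcard entries match on scheme plus domain suffix.
    parsed = urlsplit(origin)
    for trusted in (t for t in trusted_origins if "*" in t):
        t = urlsplit(trusted)
        if t.scheme == parsed.scheme and is_same_domain(
                parsed.netloc, t.netloc.lstrip("*")):
            return True, "wildcard trusted origin"
    return False, "origin not trusted"

# Constructed cases: label -> (Origin sent by the browser, Host seen by the
# backend, does the backend see HTTPS?, trusted origins list).
CASES = {
    "direct by IP": ("http://192.168.12.176:42110", "192.168.12.176:42110", False, []),
    "TLS proxy, http-only trust": ("https://khoj.example.com", "khoj.example.com",
                                   False, ["http://khoj.example.com"]),
    "TLS proxy, https trusted": ("https://khoj.example.com", "khoj.example.com",
                                 False, ["https://khoj.example.com"]),
    "proxy rewrites Host, wildcard": ("https://khoj.example.com", "server:42110",
                                      False, ["https://*.example.com"]),
    "trusted origin missing port": ("http://192.168.12.176:42110", "server:42110",
                                    False, ["http://192.168.12.176"]),
}

def run_cases():
    return {label: origin_verified(*args) for label, args in CASES.items()}

if __name__ == "__main__":
    for label, (ok, reason) in run_cases().items():
        print(f"{'PASS' if ok else 'FAIL'}  {label}: {reason}")
```

Django runs this check only when the browser sends an `Origin` header; a missing CSRF cookie is a separate failure that this sketch does not model.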
