Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIX] Add multiple domains to allowed list via KHOJ_DOMAIN #1057

Open
3 of 14 tasks
zazer0 opened this issue Jan 9, 2025 · 1 comment
Open
3 of 14 tasks

[FIX] Add multiple domains to allowed list via KHOJ_DOMAIN #1057

zazer0 opened this issue Jan 9, 2025 · 1 comment
Labels
fix Fix something that isn't working as expected

Comments

@zazer0
Copy link

zazer0 commented Jan 9, 2025

Describe the bug

Hi, currently there's no way to have multiple URL's be trusted for both CORS & CSRF_TRUSTED_ORIGINS list (which breaks my setup and probably others' too).

Should be a quick fix - CORS is already implemented by parsing KHOJ_DOMAIN (per #662), and still works.

However, CSRF allowlist seems to not be correctly splitting the env variable on its commas (per below screenshot).

To Reproduce

Steps to reproduce the behavior:

Add a comma and a second URL to the KHOJ_DOMAINS env variable.

I'm pretty sure the offending line(s) for a potential fix are:

khoj/src/khoj/app/settings.py

Lines 31 to 42 in 8803686

# All Subdomains of KHOJ_DOMAIN are trusted
KHOJ_DOMAIN = os.getenv("KHOJ_DOMAIN", "khoj.dev")
ALLOWED_HOSTS = [f".{KHOJ_DOMAIN}", "localhost", "127.0.0.1", "[::1]"]
CSRF_TRUSTED_ORIGINS = [
f"https://*.{KHOJ_DOMAIN}",
f"https://{KHOJ_DOMAIN}",
f"http://*.{KHOJ_DOMAIN}",
f"http://{KHOJ_DOMAIN}",
f"https://app.{KHOJ_DOMAIN}",
]

image

Is someone with Django knowledge able to fix this? 🙏

Screenshots

image

Platform

  • Server:
    • Cloud-Hosted (https://app.khoj.dev)
    • Self-Hosted Docker
    • Self-Hosted Python package
    • Self-Hosted source code
  • Client:
    • Obsidian
    • Emacs
    • Desktop app
    • Web browser
    • WhatsApp
  • OS:
    • Windows
    • macOS
    • Linux
    • Android
    • iOS

If self-hosted

  • Server Version [e.g. 1.0.1]: 1.33.2

Additional context

Add any other context about the problem here.
@zazer0 zazer0 added the fix Fix something that isn't working as expected label Jan 9, 2025
@zazer0 zazer0 mentioned this issue Jan 9, 2025
Closed
@zazer0 zazer0 changed the title [FIX] Regression allowing KHOJ_DOMAIN to be a comma-seperated list [FIX] Regression breaking KHOJ_DOMAIN's ability to be a comma-seperated list Jan 9, 2025
@debanjum
Copy link
Member

debanjum commented Jan 9, 2025

Hi @zazer0, can you describe why you need to allow multiple domains? Is setting KHOJ_DOMAIN to khoj.zazers.domain not good enough?

The ability to specify multiple KHOJ_DOMAIN via a comma separated list passed via an environment variable isn't supported. The KHOJ_DOMAIN is used to configure the CSRF_COOKIE_DOMAIN and SESSION_COOKIE_DOMAIN Django variables as well and those variables only allow a single domain.

See

khoj/src/khoj/app/settings.py

Lines 47 to 56 in c448c49

COOKIE_SAMESITE = "None"
if DEBUG or os.getenv("KHOJ_DOMAIN") == None:
SESSION_COOKIE_DOMAIN = "localhost"
CSRF_COOKIE_DOMAIN = "localhost"
else:
# Production Settings
SESSION_COOKIE_DOMAIN = KHOJ_DOMAIN
CSRF_COOKIE_DOMAIN = KHOJ_DOMAIN
if not DISABLE_HTTPS:
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

@debanjum debanjum changed the title [FIX] Regression breaking KHOJ_DOMAIN's ability to be a comma-seperated list [FIX] Add multiple domains to allowed list via KHOJ_DOMAIN Jan 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
fix Fix something that isn't working as expected
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@debanjum @zazer0