CSRF error on new 1.18 install


James Niffenegger

Feb 26, 2026, 10:41:37 AM
to archiv...@googlegroups.com
Hello all,

I have installed archivematica 1.18 on a newly installed Rocky Linux 9 server, so not an upgrade of an existing archivematica system.

The install went fine, no issues there. The problem is after install, when I go to the server URL port 81 and enter the initial setup information and hit submit, I get the CSRF error. Also after setting the admin user for the storage service and trying to log in on port 8001, I also get the CSRF error.

Everything I've found regarding this says to edit the production.py files for dashboard and storage-service, however neither of those files are there. The fixes I can find on it point to the files being /usr/share/archivematica/dashboard/settings/production.py and /usr/lib/archivematica/storage-service/storage_service/settings/production.py, however on this new server, they aren't there.

The only thing in /usr/share/archivematica is a subdir called virtualenvs which does not contain any production.py files and there is no /usr/lib/archivematica directory at all.

There is an /opt/archivematica directory which has production.py files at /opt/archivematica/archivematica/src/archivematica/dashboard/settings/production.py and /opt/archivematica/archivematica-storage-service/src/archivematica/storage_service/storage_service/settings/production.py, however editing them has no effect on the running service after restart. These are the ONLY production.py files on the server.

So my question is, where do I go to edit the CSRF_TRUSTED_ORIGINS variable so that I can start using this new server?

Thank you,

James Niffenegger
Lead Systems Operations
Shields Library - ITIS
UC Davis

Douglas Cerna

Feb 26, 2026, 11:05:21 AM
to archiv...@googlegroups.com
Hello,

For the Dashboard you can set/modify the ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSRF_TRUSTED_ORIGINS variable in the /etc/default/archivematica-dashboard file. And for the Storage Service it's the CSRF_TRUSTED_ORIGINS variable in the /etc/default/archivematica-storage-service file.

That being said, I'd suggest you check the Cookie and session security section in the documentation: https://www.archivematica.org/en/docs/archivematica-1.18/admin-manual/security/security/#cookie-and-session-security. The second note specifically regarding HTTPS vs HTTP deployments.

Hope this helps.


--
You received this message because you are subscribed to the Google Groups "archivematica" group.
To unsubscribe from this group and stop receiving emails from it, send an email to archivematic...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/archivematica/BLAPR08MB6947755046904A3369414DEFCB72A%40BLAPR08MB6947.namprd08.prod.outlook.com.


--
Douglas Cerna (he/him),
Software Developer, Artefactual Systems Inc.
http://www.artefactual.com

James Niffenegger

Feb 26, 2026, 11:48:47 AM
to archiv...@googlegroups.com
Hi,

Those files are not there with a base/new install. My /etc/default directory only has grub and useradd files in it.

Do I need to create them? Is there another location with ones I should copy to here or is this like an options file where I can create it and add the one line needed and it appends to the config on startup?

Thanks,

James Niffenegger
Lead Systems Operations
Shields Library - ITIS
UC Davis



Douglas Cerna

Feb 26, 2026, 12:05:24 PM
to archiv...@googlegroups.com
Oh, I apologize. Your installation is based on Rocky Linux 9. Those files are located in the /etc/sysconfig/ directory instead.

Message has been deleted

James Niffenegger

Feb 26, 2026, 12:17:01 PM
to archiv...@googlegroups.com
Sorry, the last message was incorrect. I was on the wrong server when I checked /etc/sysconfig. I will see if those files will fix the issue.

I deleted my erroneous post from the group.

Thank you!

James Niffenegger
Lead Systems Operations
Shields Library - ITIS
UC Davis



James Niffenegger

Feb 26, 2026, 1:11:12 PM
to archiv...@googlegroups.com
So I must not be doing something right. I've tried a few different formats for the variable and I'm still getting a CSRF error.

Here is how I am currently configuring the line for the dashboard in the /etc/sysconfig/archivematica-dashboard file:

ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSRF_TRUSTED_ORIGINS=https://amatica-n.library.ucdavis.edu:81

I have tried

ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSRF_TRUSTED_ORIGINS="https://amatica-n.library.ucdavis.edu:81"

and

ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSRF_TRUSTED_ORIGINS='https://amatica-n.library.ucdavis.edu:81'

and

ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSRF_TRUSTED_ORIGINS=["https://amatica-n.library.ucdavis.edu:81"]

I restart the archivematica-dashboard service for each attempt. Do I need to be restarting any other services as well?

The log file shows the following:
WARNING 2026-02-26 17:52:16 django.security.csrf:log:log_response:246: Forbidden (Origin checking failed - https://amatica-n.library.ucdavis.edu:81 does not match any trusted origins.): /installer/welcome/


I have nginx using SSL and a proper cert for our domain. Browser shows site as secure and reading the SSL cert properly. The initial welcome/setup page comes up just fine. Just every time I try to submit I still get the CSRF error.


Thank you,
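
Added example (not part of any post in this thread, and not Archivematica or Django source code): a simplified Python model of the comparison Django's CSRF middleware makes before logging "Origin checking failed ... does not match any trusted origins". It takes the trusted-origins list as it looks after the settings are loaded; how Archivematica turns the environment variable into that list is not modelled, and the request host, secure flag and candidate lists are constructed for illustration.

```python
from urllib.parse import urlsplit

# Origin header value taken from the log line in the post above.
LOGGED_ORIGIN = "https://amatica-n.library.ucdavis.edu:81"


def is_same_domain(host, pattern):
    """Same rule as django.utils.http.is_same_domain: a leading dot matches subdomains."""
    if not pattern:
        return False
    pattern = pattern.lower()
    return (pattern[0] == "." and (host.endswith(pattern) or host == pattern[1:])) or pattern == host


def origin_verified(origin, trusted_origins, request_host, request_is_secure):
    """Return True if the Origin header would pass the CSRF origin check."""
    # 1. Same origin as the request itself, using the scheme and Host the app sees
    #    (behind a TLS-terminating proxy the app may see plain http).
    scheme = "https" if request_is_secure else "http"
    if origin == f"{scheme}://{request_host}":
        return True
    # 2. Exact string match against trusted entries that contain no wildcard.
    if origin in {entry for entry in trusted_origins if "*" not in entry}:
        return True
    # 3. Wildcard entries: scheme must be equal, netloc (host:port) must fall under the pattern.
    parsed = urlsplit(origin)
    for entry in trusted_origins:
        if "*" in entry:
            pattern = urlsplit(entry)
            if pattern.scheme == parsed.scheme and is_same_domain(parsed.netloc, pattern.netloc.lstrip("*")):
                return True
    return False


def check(trusted_origins, request_host="amatica-n.library.ucdavis.edu:81", request_is_secure=False):
    """Run the logged origin against a candidate list (host and secure flag are constructed)."""
    return origin_verified(LOGGED_ORIGIN, trusted_origins, request_host, request_is_secure)


if __name__ == "__main__":
    candidates = {  # constructed lists, as the setting would look after parsing
        "exact origin": ["https://amatica-n.library.ucdavis.edu:81"],
        "quotes kept as part of the value": ['"https://amatica-n.library.ucdavis.edu:81"'],
        "port missing": ["https://amatica-n.library.ucdavis.edu"],
        "http scheme": ["http://amatica-n.library.ucdavis.edu:81"],
        "wildcard subdomain": ["https://*.library.ucdavis.edu:81"],
    }
    for label, trusted in candidates.items():
        print(f"{label:35} -> {check(trusted)}")
```

The comparison is a plain string match on scheme, host and port, so printing the effective `CSRF_TRUSTED_ORIGINS` value from the running service and comparing it character by character with the origin in the log line shows which of these cases applies.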
