CSRF verification failed (403) when using self-hosted PostHog and /i/v0/e/ endpoint #32108
Comments
|
I am having same problem |
|
Same here, could you please fix it? |
|
I'm facing exact same issue here, can anybody help? |
|
I'm also getting this issue. @Felipoe is this (https://posthog.com/questions/forbidden-403-csrf-verification-failed-request-aborted) also you? I've been following this issue at #28804 and it seems like @pauldambra needs more information on how to reproduce this. If we can help gather some data hopefully we can help them to resolve this Here is a snippet of my docker logs for My @pauldambra in the docker config that you are using, are you propagationg through a domain via an A record? |
|
@sudo-eugene I haven't changed any settings or config, so if you follow the default install then you don't get this (or rather I followed default and don't get this) i think it's correct that i/v0/e gets forbidden as it should be served via the new rust capture endpoints and not the django app so somewhere you all have picked up incorrect config but I don't know where from |
|
@pauldambra After running I also checked my local Are you suggesting that the issue potentially lies within the /posthog directory in the project root that the install script downloaded? See screenshots |
|
I also have this issue (on a fresh install). I tried to set So I modified the |
|
@dannyjhall fixing my mess just like the good old days 🥇 we're working to remove the old capture so this should disappear at some point, will ping the folk that know this part of the system better than me though |
|
@dannyjhall you should apply to come and work at PostHog and fix this from the inside 😍😘 |
|
ah, no, i broke it testing #32001 ignore me |
|
It works, thank you!! |
|
@dannyjhall you save my day |
|
I have not the slightest idea why it works or what |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
I recently deployed a self-hosted PostHog instance, and I'm encountering an issue when trying to capture events manually using fetch from the frontend.
Every time I attempt to send an event, I get the following error:
arduino
Copiar
Editar
POST https://posthog.bne.com.br/i/v0/e/ 403 (Forbidden) - CSRF verification failed. Request aborted.
Here’s a summary of my setup:
I am using a self-hosted PostHog deployment (running in Docker).
I have configured the PostHog instance with an API key (POSTHOG_PROJECT_API_ACCESS_TOKEN).
I'm using the standard PostHog JavaScript snippet to initialize posthog-js on the frontend.
I tried sending events using fetch directly to /capture/ and it works, but the default posthog-js SDK still tries to hit /i/v0/e/ and returns 403 errors.
I attempted patching middleware.py as suggested in previous discussions to include /i/v0/e/ in ALWAYS_ALLOWED_ENDPOINTS, but the issue persists.
Example of my manual fetch request (which works):
javascript
Copiar
Editar
fetch('https://posthog.bne.com.br/capture/', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
api_key: 'MY_API_KEY',
event: 'page_view',
distinct_id: 'user_12345',
properties: {
utm_source: 'google',
utm_medium: 'cpc'
}
})
})
.then(response => response.json())
.then(data => console.log('Success:', data))
.catch(error => console.error('Error:', error));
But when I let posthog-js send events automatically, it tries to post to /i/v0/e/ and fails with 403.
Questions:
Is there any updated recommended way to handle CSRF verification for /i/v0/e/ in self-hosted setups?
Is there an official configuration to force posthog-js to post to /capture/ instead of /i/v0/e/?
Should I update or patch my PostHog instance differently to fix this properly?
Additional Information:
Docker setup: Yes
API Key correctly set: Yes
Traffic is HTTPS (SSL configured).
Thank you very much for your help.
Looking forward to your guidance!
Best regards,
The text was updated successfully, but these errors were encountered: