Hi,
I’ve tried the suggested changes, but I’m still encountering the same issue — a blank page appears after logging in over HTTPS.
As a workaround, I modified the config_local.py file and set:
WTF_CSRF_CHECK_DEFAULT = False
With this change, pgAdmin works correctly on HTTPS. However, I understand that disabling CSRF protection is not recommended in a production environment, so I’m looking for a more secure solution.
Here’s a snippet of my current config_local.py for reference:
DATA_DIR = '/var/lib/pgadmin4'
SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
STORAGE_DIR = '/var/lib/pgadmin4/storage'
AZURE_CREDENTIAL_CACHE_DIR = '/var/lib/pgadmin4/azurecredentialcache'
KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
SCRIPT_NAME = '/pgadmin4'
LOG_LEVEL = 'DEBUG'
CONSOLE_LOG_LEVEL = 50 # INFO = 20, WARNING = 30, ERROR = 40, CRITICAL = 50
FILE_LOG_LEVEL = 20
LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'
Could you please help me identify the correct settings to securely enable CSRF protection while ensuring pgAdmin functions properly over both HTTP and HTTPS under /pgadmin4?
