#Self-hosted sentry login on ip address

1 messages · Page 1 of 1 (latest)

undone cobalt
#

So I've spun up self-hosted sentry on my computer.
When i go to localhost:9000, i can sign in just fine to sentry
But when i go to my ip address sentry (192.168.1.120:9000), I can't sign in. Always get this error despite typing the exact same credentials. Even though I can sign in just fine on localhost:9000. Do they not share the same accounts? What to do?

CSRF Validation Failed
A required security token was not found or was invalid.

Why are you encountering a CSRF error after login?

See explanation from Django docs.
Read more about CSRF on Wikipedia.
If you're continually seeing this issue, try the following steps:

Close other tabs with Sentry loaded.
Clear cookies (at least for Sentry's domain).
Reload the page you're trying to submit (don't re-submit data).
Re-enter the information, and submit the form again.
Ensure the URL does not contain an extra "/" anywhere (eg: https://foo//saml -> https://foo/saml).

late gobletBOT
#

Hi @undone cobalt. I'm happy to dig into this for you! I'll check my internal sources for answers to your question! :wave:

#

The CSRF error you’re encountering when accessing Sentry via your IP address (e.g., <IP address>:9000)—even though login works on localhost:9000—is due to stricter CSRF protection introduced in recent Sentry versions (since 24.1.0, with the upgrade to Django 4). By default, Sentry only trusts the domain or address specified in its configuration. If you access Sentry from a different address (like your IP instead of localhost), the CSRF token validation will fail unless that address is explicitly trusted.

Why does this happen?

  • Sentry’s CSRF protection checks the origin of requests. If you access Sentry from an address not listed as a trusted origin, login and other POST actions will fail with a CSRF error—even if the credentials are correct.
  • The accounts are the same, but the CSRF validation is blocking the request for security reasons, not because of account differences.

How to fix it:

  1. Edit your sentry.conf.py file (usually found in the sentry/ directory of your self-hosted setup).
  2. Add your IP address (and any other domains you use to access Sentry) to the CSRF_TRUSTED_ORIGINS setting. For example:
    CSRF_TRUSTED_ORIGINS = [
    "<http://localhost:9000",>
    "<http://127.0.0.1:9000",>
    "<http://<your-ip-address>:9000">
]
  3. Re-run ./install.sh after making this change to ensure the configuration is applied.
  4. Clear your browser cookies and cache for the Sentry domain before retrying login.
#

This approach is confirmed in the official troubleshooting documentation and by multiple users who resolved the same issue by updating CSRF_TRUSTED_ORIGINS to include all addresses they use to access Sentry, including LAN IPs and custom domains. You can safely use your LAN IP if you don’t have a public domain. For more details, see the Sentry self-hosted troubleshooting guide and related user reports here and here.

Summary:
You’re seeing the CSRF error because your IP address isn’t trusted by default. Add it to CSRF_TRUSTED_ORIGINS in sentry.conf.py, re-run the install script, and clear your cookies. This should resolve the login issue when accessing Sentry via your IP address.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: