Origin checking failed - null does not match any trusted origins. #1670

julian-piehl · 2026-04-22T13:56:11Z

julian-piehl
Apr 22, 2026

Current Behavior

When trying to login i get the error message:
Origin checking failed - null does not match any trusted origins.

After checking i saw that my Browser also sends the header Origin as null.

I'm running Netbox behind a reverse proxy (traefik). But i tried setting different settings and none worked:
ALLOWED_HOSTS = [ 'mydomain', 'localhost' ]
CSRF_TRUSTED_ORIGINS = [ 'https://mydomain' ]
CSRF_ALLOWED_ORIGINS = [ 'https://mydomain' ]
CORS_ORIGINS_WHITELIST = [ 'https://mydomain' ]
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

Expected Behavior

I want to log in...

Docker Compose Version

Docker Compose version v2.39.4

Docker Version

Client: Docker Engine - Community
 Version:           28.4.0
 API version:       1.51
 Go version:        go1.24.7
 Git commit:        d8eb465
 Built:             Wed Sep  3 20:57:32 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          28.4.0
  API version:      1.51 (minimum version 1.24)
  Go version:       go1.24.7
  Git commit:       249d679
  Built:            Wed Sep  3 20:57:32 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.7.28
  GitCommit:        b98a3aace656320842a23f4a392a33f46af97866
 runc:
  Version:          1.3.0
  GitCommit:        v1.3.0-0-g4ca628d1
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

The git Revision

c6cd7ef

The git Status

On branch release
Your branch is up to date with 'origin/release'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   configuration/configuration.py

no changes added to commit (use "git add" and/or "git commit -a")

Startup Command

docker compose up -d

NetBox Logs

netbox-1         | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox-1         | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox-1         | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox-1         | 🧬 loaded config '/etc/netbox/config/plugins.py'
netbox-1         | [INFO] Started worker-3
netbox-1         | [INFO] Started worker-4
netbox-1         | [INFO] Started worker-1
netbox-1         | [INFO] Started worker-2
netbox-1         | [2026-04-22 15:46:44 +0200] : - "GET /login/ HTTP/1.1" 200 5718.148
netbox-1         | [2026-04-22 15:46:52 +0200] : - "GET /login/ HTTP/1.1" 200 5877.815
netbox-1         | [2026-04-22 15:47:00 +0200] : - "GET /login/ HTTP/1.1" 200 390.347
netbox-1         | [2026-04-22 15:47:16 +0200] : - "GET /login/ HTTP/1.1" 200 363.889
netbox-1         | [2026-04-22 15:47:23 +0200] ::ffff - "GET /login/ HTTP/1.1" 200 5428.457
netbox-1         | [2026-04-22 15:47:31 +0200] : - "GET /login/ HTTP/1.1" 200 138.663
netbox-1         | Forbidden (Origin checking failed - null does not match any trusted origins.): /login/
netbox-1         | [2026-04-22 15:47:33 +0200] ::ffff - "POST /login/ HTTP/1.1" 403 98.600
netbox-1         | Not Found: /favicon.ico
netbox-1         | [2026-04-22 15:47:33 +0200] ::ffff - "GET /favicon.ico HTTP/1.1" 404 10.009

Content of docker-compose.override.yml

services:
  netbox:
    expose:
      - "8080"
    environment:
      DEBUG: "true"
      TIME_ZONE: "Europe/Berlin"
    labels:
      - traefik.enable=true
      - traefik.http.routers.netbox.entrypoints=websecure
      - traefik.http.routers.netbox.rule=Host(`mydomain`)
      - traefik.http.routers.netbox.service=netbox
      - traefik.http.services.netbox.loadbalancer.server.port=8080
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.netbox.middlewares=sslheader"
    networks:
      - default
      - traefik

networks:
  traefik:
    external: true

Answered by julian-piehl

May 4, 2026

For anyone who is having the same problem:
For me the solution was neither of the things i mentioned.
But i followed the OWASP recommandations for setting my headers and had the Referrer-Policy set to no-referrer which breaks netbox.
To fix it i have set the Referrer-Policy to strict-origin-when-cross-origin but maybe same-origin would be better.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referrer-Policy

View full answer

julian-piehl · 2026-05-04T21:41:53Z

julian-piehl
May 4, 2026
Author

For anyone who is having the same problem:
For me the solution was neither of the things i mentioned.
But i followed the OWASP recommandations for setting my headers and had the Referrer-Policy set to no-referrer which breaks netbox.
To fix it i have set the Referrer-Policy to strict-origin-when-cross-origin but maybe same-origin would be better.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referrer-Policy

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Origin checking failed - null does not match any trusted origins. #1670

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Origin checking failed - null does not match any trusted origins. #1670

Uh oh!

julian-piehl Apr 22, 2026

Current Behavior

Expected Behavior

Docker Compose Version

Docker Version

The git Revision

The git Status

Startup Command

NetBox Logs

Content of docker-compose.override.yml

Replies: 1 comment

Uh oh!

julian-piehl May 4, 2026 Author

julian-piehl
Apr 22, 2026

julian-piehl
May 4, 2026
Author