Update docs and show message that uploading folders isn't supported

[JuliusDigel]

Hey!
so im currently trying to get scancode.io up and running and encountered some issues with the CSRF_TRUSTED_ORIGINS settings

I deploy the webapp via docker-compose and followed the instructions from the website.

It worked wonderfully and the webpage is available at my server host ip (e.g 192.168.72.240). Now if i add a project and want to upload a directory i get the error:
scancodeio-3200-web-1 | WARNING Forbidden (CSRF token missing.): /project/ddd541c5-0ca5-442c-9f6a-ddd445284b23/ scancodeio-3200-nginx-1 | 192.168.74.237 - - [15/Dec/2022:10:44:24 +0000] "POST /project/ddd541c5-0ca5-442c-9f6a-ddd445284b23/ HTTP/1.1" 403 1019 "http://192.168.72.240/project/ddd541c5-0ca5-442c-9f6a-ddd445284b23/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0" "-"

Interestingly if i upload a .zip file it "works" with following log:
scancodeio-3200-nginx-1 | 2022/12/15 10:54:57 [warn] 28#28: *18 a client request body is buffered to a temporary file /var/cache/nginx/client_temp/0000000001, client: 192.168.74.237, server: , request: "POST /project/ce55e8dc-39d7-44e6-a7b5-ff0c6169d79f/ HTTP/1.1", host: "192.168.72.240", referrer: "http://192.168.72.240/project/ce55e8dc-39d7-44e6-a7b5-ff0c6169d79f/" scancodeio-3200-nginx-1 | 192.168.74.237 - - [15/Dec/2022:10:54:58 +0000] "POST /project/ce55e8dc-39d7-44e6-a7b5-ff0c6169d79f/ HTTP/1.1" 302 0 "http://192.168.72.240/project/ce55e8dc-39d7-44e6-a7b5-ff0c6169d79f/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0" "-"

Now following the instructions from the website i tried out alot of configurations but none worked. I always rebuild the images, pruned the local docker-engine and redeployed the webapp after a change to .env or settings.py. My current .env looks like this (i replaced the domainnames with standard ones):

ALLOWED_HOSTS=.your-domain.com,127.0.0.1,192.168.72.240
CSRF_TRUSTED_ORIGINS=https://*.your-domain.com,http://*.your-domain.com,http://127.0.0.1:8001,http://192.168.72.240:8001

What i also tried for CSRF_TRUSTED_ORIGINS:
http://192.168.72.240
http://192.168.74.237
http://192.168.74.237:8001

I feel like im running out of options. Did i misconfigure something or is there a error in the code?

Thank you

[AyanSinhaMahapatra]

@JuliusDigel I don't think we support uploading directories anyway, you'll have to upload archives which would be extracted in place and then scanned.

You said:

Interestingly if i upload a .zip file it "works"

Did it complete the scan without errors and has satisfactory results or is there a problem with the results from this?

The instructions on the web UI has: Upload files in Inputs and also in the CLI for the possible inputs: https://scancodeio.readthedocs.io/en/latest/command-line-interface.html#scanpipe-add-input-project-project-input-file-files-input-url-urls

You can only upload files/specify URLs or download from (which can be docker URLs too) IMHO.

The instructions are only installation instructions and after that there's also tutorials which you can look at for specific use cases.

Please point out if this doesn't solve your problem/use case.

[JuliusDigel]

Oh okay that explains it. Thanks for the Feedback!

[AyanSinhaMahapatra]

Reopeneing this as we need to:

• update the documentation for this to remove confusion
• also display a message in the add project page if someone uploads a folder

Currently, we cannot select folders from the select menu, but drag and drop isn't restricted for directories and now it hangs the project creation without doing anything (for me).

[abdollahShahid]

✅ Fixed in PR #2022.

Docs now clarify folders aren’t supported (use archives instead), and the UI shows a warning when a folder is dropped into the upload area.
Ready to close once PR is merged.

@AyanSinhaMahapatra please review this PR