Running on Databricks Apps

wbarteck · January 28, 2025, 4:58pm

I think I’m 90% of the way there but I’m getting 403 errors when trying to log in and the troubleshooting tips online haven’t helped.

So I am utilizing databricks apps to deploy label-studio, here is the script that runs on the server this is the “entire” setup

import os

if __name__ == "__main__":
    os.system("pip install -e label-studio-ml-backend")
    # run command in the background
    # os.system("label-studio-ml start label-studio-ml-backend/my_spacy_backend &")
    os.system(f"label-studio start --username default_user@localhost --password password --data-dir ./label-studio/data --debug")
    # also tried simple os.system(f"label-studio start")

version is label-studio 1.15

Here is the actual error when I log in:
[django.security.csrf::log_response::241] [WARNING] Forbidden (Origin checking failed - https://xx-xxxx.aws.databricksapps.com does not match any trusted origins.): /user/login/

I ran it once under a different name, it worked great. I ran it again under a new name, it deployed to a different app url, and now I’m getting a 403 error when I try to log in. I assume this is an issue where it is finding an old data dir but I tried changing that and nothing happened. I have no idea how to clear any old install and I can’t see where those files might be from the logs

Any advice appreciated

makseq · February 6, 2025, 6:23pm

It seems you’re seeing the 403 error because Django’s CSRF check isn’t recognizing your app’s URL as trusted. In Label Studio (version 1.15 in your case) the list of trusted origins is read from the environment variable CSRF_TRUSTED_ORIGINS.

To fix this, update your deployment so that before you start Label Studio you set CSRF_TRUSTED_ORIGINS to include your current app URL—for example, add:

CSRF_TRUSTED_ORIGINS=https://xx-xxxx.aws.databricksapps.com

If you’re running this from your Python script, you can set it with:

import os
os.environ["CSRF_TRUSTED_ORIGINS"] = "https://xx-xxxx.aws.databricksapps.com"

Then call your start command. This change tells Django to accept login requests coming from that domain.

If you suspect remnants from an earlier deployment (for example, old data in your ./label-studio/data directory), you might also try removing or changing that data directory—but the error message clearly points to a trusted-origin mismatch, so setting CSRF_TRUSTED_ORIGINS is the most direct solution.

Be sure that any reverse-proxy or load-balancer setup isn’t interfering with the host header values. Since you mentioned that running under a different app name worked previously, the key is to ensure that the currently used URL is included in CSRF_TRUSTED_ORIGINS.

Topic		Replies	Views
Forgot password Label Studio Support	1	88	February 11, 2025
Issue with Label Studio related to image file paths Label Studio Support	2	503	August 20, 2024
SAM2 connection - 403 error Machine Learning	4	170	August 21, 2024
Label studio with cloud run and vpc access conector & PRIVATE CLOUD SQL Label Studio Support deployment	2	15	March 3, 2025
Validation error ``ML Backend health check failed'' Label Studio Support faq , docker	2	392	December 17, 2024

Running on Databricks Apps

Related topics