So is there a fix for these csrf errors?

a_5mith

I've updated my forum, and noticed a few posts regarding csrf and theme related things.

15/12 09:47 [3811] - error: /login
Error: invalid csrf token
at verifytoken (/home/a_5mith/35hz/node_modules/csurf/index.js:237:11)
at csrf (/home/a_5mith/35hz/node_modules/csurf/index.js:100:7)
at Layer.handle [as handle_request] (/home/a_5mith/35hz/node_modules/express/lib/router/layer.js:82:5)
at next (/home/a_5mith/35hz/node_modules/express/lib/router/route.js:100:13)
at Route.dispatch (/home/a_5mith/35hz/node_modules/express/lib/router/route.js:81:3)
at Layer.handle [as handle_request] (/home/a_5mith/35hz/node_modules/express/lib/router/layer.js:82:5)
at /home/a_5mith/35hz/node_modules/express/lib/router/index.js:235:24
at Function.proto.process_params (/home/a_5mith/35hz/node_modules/express/lib/router/index.js:313:12)
at /home/a_5mith/35hz/node_modules/express/lib/router/index.js:229:12
at Function.match_layer (/home/a_5mith/35hz/node_modules/express/lib/router/index.js:296:3)

Lavender and Vanilla are latest, the forum still works, it just gives CSRF errors every now and then.

trevor

Did you remove all of the csrf references in header.tpl, login.tpl, register.tpl?

Yeah, on second thought, I've seen this in the logs a while back even after I removed all of the csrf inputs.

a_5mith

@trevor I just updated NodeBB and the themes, so would assume this had already been done.

Scuzz

@a_5mith With NodeBB dont assume anything