CSRF error when logging in after URL change
-
I experienced several CSRF errors before, mostly due to cookie/cache issues or dated themes.
Now this time, I changed the domain from test.domain.com to domain.com in my nginx config file and the NodeBB config.json. After that, I restarted nginx and NodeBB and tried to log in, but am unable to because I'm getting "Forbidden" in the browser and "error: /login - Invalid CSRF token" in the logfile.
Neither git pull-ing, npm up-ing, deleting the browser cache, restarting NodeBB/nginx/redis/the whole machine or using a completely different machine in another network helps. Any ideas?
config.json:
{
    "url": "https://schreibnacht.de",
    "port": ["4567", "4568", "4569"],
    "secret": " ... ",
    "database": "redis",
    "redis": {
        "host": "127.0.0.1",
        "port": "6379",
        "password": " ... ",
        "database": "0"
    }
}
EDIT: Weirdly enough, I just realized that at the old subdomain (as a CNAME) logging in is still possible...
-
Try to update/reinstall the theme or install a new one for test purposes.
As far as I can see, it could be anything from an email address in the datastore to the page title:
https://github.com/NodeBB/NodeBB/issues/2571#issuecomment-68636590
-
No success with switching to vanilla.
I should mention I am using 0.70-dev right now...
-
When comparing the token generated at the server and the client, I can see a pattern:
First try
Server: _aNRp8doIko-eEJxUbgyCXfl
Client: 6U0tpPQQ-7ZC7bLRg2GVnbsOHa6GHkLGR_C8
Second try
Server: m9A1Lnf7efV78dRuLAhKJ2zh
Client: WV8qGiVr-g555xVnuD1QZHWcavkB_ateMKX4
Third try
Server: ocShckErFsoLYVY_duiBP5ug
Client: bT4diTiU-9pQlbtfwLeJy1ALCSVoM2xLZe_4
So the scheme by which those are produced seems to be off. No idea how to mince this into a solution, but hey. It's something!
-
Okay, I solved it myself - seem to not have saved the new cookie domain correctly.
Someone should write a few guides on migrating... Maybe I'll do it tomorrow evening.
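
Added example, not part of the original thread or NodeBB's own code: a check of whether a configured cookie domain still covers the site URL after a domain change, using the RFC 6265 domain-match rule. The helper names are hypothetical, the hostnames are the thread's placeholders, and it assumes the CSRF secret is kept in the cookie-backed session.

```javascript
// Added example: RFC 6265 domain-match check for a forum's cookie domain setting.
// Hostnames are constructed sample values based on the thread's placeholders.

// RFC 6265 section 5.1.3: a host domain-matches the cookie domain if both are
// identical, or the host ends with "." + domain and the host is not an IP address.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ''); // a leading dot is ignored
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + d);
}

// Hypothetical helper: would a browser visiting siteUrl keep a session cookie
// that the server sets with Domain=cookieDomain?
function checkCookieDomain(siteUrl, cookieDomain) {
  const host = new URL(siteUrl).hostname;
  if (!cookieDomain) {
    return { host, accepted: true, reason: 'host-only cookie, bound to the serving host' };
  }
  const accepted = domainMatches(host, cookieDomain);
  // Assumption: the CSRF secret lives in the session, so a discarded session
  // cookie means every request gets a fresh session and a non-matching token.
  return {
    host,
    accepted,
    reason: accepted
      ? 'host domain-matches the cookie domain'
      : 'browser discards the cookie; each request starts a new session and the CSRF token never matches',
  };
}

// Constructed cases mirroring the thread.
const cases = [
  ['https://domain.com', 'test.domain.com'],      // new URL, stale cookie domain
  ['https://test.domain.com', 'test.domain.com'], // old subdomain still works
  ['https://domain.com', 'domain.com'],           // corrected setting
  ['https://domain.com', ''],                     // no explicit cookie domain
];
for (const [url, dom] of cases) {
  const r = checkCookieDomain(url, dom);
  console.log(`${url} Domain=${dom || '(unset)'} -> ${r.accepted ? 'OK' : 'REJECTED'}: ${r.reason}`);
}
```

Running the same check against the url in config.json and the stored cookie domain after any migration shows a stale setting before the first failed login does.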