Invalid CSRF Token
-
where do we set SSL:no. Can you paste your config.json?
-
@codecowboy don't think there is a setting like that. Where did you get that from?
-
@codecowboy As @pichalite has mentioned in the other thread, you'll want to reset the
cookieDomain
config in your NodeBB. -
@pichalite SSL:No is mentioned higher up in this thread
-
@codecowboy he just said that he is not using SSL. There is no such setting.
-
@pichalite aha. My bad. I am stupid. Its a curse.
-
I had the exact same issue, I ended up going back to v1.0.3. Lucky me that there was no change in the database so I could just use git checkout v1.0.3 and then run npm install followed by ./nodebb upgrade and everything went back to a working state.
-
I'm using nginx with SSL, had the same issue with login/CSRF Token when migrated from 1.0.3 to 1.1.2, and, as described before but always good to remain, adding this to my nginx config (
/etc/nginx/sites-enabled/default
in my case) saved my life, thankproxy_set_header X-Forwarded-Proto $scheme;
-
for the record for people finding this via search, for apache2 you have to set this somewhere in your nodebb vhost configuration
with sslRequestHeader set X-Forwarded-Proto "https"
without ssl
RequestHeader set X-Forwarded-Proto "http"
you might have to enable mod_headers to do so!