Invalid CSRF on dev install
-
Hi. I've setup a new domain at https://sudonix.dev to mirror my production domain of https://sudonix.com. I've completed the installation, recovered the database, and now have the dread
invalid csrf token
error - see below2022-03-21T14:15:25.859Z [4571/91294] - info: Initializing NodeBB v1.19.5 https://sudonix.dev 2022-03-21T14:15:27.761Z [4571/91294] - info: [socket.io] Restricting access to origin: https://sudonix.dev:* 2022-03-21T14:15:27.858Z [4571/91294] - warn: [plugins] "@nodebb/nodebb-plugin-user-level" is active but not installed. (node:91294) Warning: Accessing non-existent property 'padLevels' of module exports inside circular dependency (Use `node --trace-warnings ...` to show where the warning was created) 2022-03-21T14:15:28.637Z [4571/91294] - warn: [plugins/load] DEPRECATION The hook filter:router.page has been deprecated as of v1.15.3, and slated for removal in v2.1.0. Please use response:router.page instead. The following plugins are still listening for this hook: * nodebb-plugin-write-api 2022-03-21T14:15:28.724Z [4571/91294] - info: [plugins/spam-be-gone] Settings loaded 2022-03-21T14:15:28.734Z [4571/91294] - info: [reputation-rules] settings loaded 2022-03-21T14:15:28.925Z [4571/91294] - info: [api] Adding 4 route(s) to `api/v3/plugins` 2022-03-21T14:15:28.936Z [4571/91294] - info: [router] Routes added 2022-03-21T14:15:28.947Z [4571/91294] - info: NodeBB Ready 2022-03-21T14:15:28.948Z [4571/91294] - info: Enabling 'trust proxy' 2022-03-21T14:15:28.950Z [4571/91294] - info: NodeBB is now listening on: 0.0.0.0:4571 2022-03-21T14:15:47.488Z [4571/91294] - error: [plugin/iframely] Could not parse embed: Failed to lookup view "partials/iframely-widget-card" in views directory "/home/sudonix.dev/nodebb/build/public/templates". Url: https://sudonix.com/topic/233/nodebb-welcome-message-with-logo-footer-change/3?_=1645445273209 Missing translation "2factor:title" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_unsolved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:menu.solved" for language "en-GB" Missing translation "qanda:menu.solved" for language "en-GB" 2022-03-21T14:15:48.899Z [4571/91294] - error: POST /logout invalid csrf token
I've reset all plugins, so it's not that. My
nginx
config doesn't seem to make much difference in the sense that if I switchproxy_set_header X-Forwarded-Proto https;
withproxy_set_header X-Forwarded-Proto $scheme;
This is running on the same server as production, therefore, the port being used is
4571
I've seen multiple posts concerning this, and none of the fixes stated seem to work for me. If I run from another browser, or in incognito mode, nothing changes. Completely unable to login.
-
Fixed
I should have remembered that this database is from PROD, therefore, the cookie domain would need to be deleted. Issuing
db.objects.update({_key: "config"}, {$set: {cookieDomain: ""}});
in the target DB under MongoDB, then restartingnodebb
resolved the issue.Able to login
-
-
@ufan0 Please see this thread