Invalid CSRF on dev install

phenomlab

Hi. I've setup a new domain at https://sudonix.dev to mirror my production domain of https://sudonix.com. I've completed the installation, recovered the database, and now have the dread invalid csrf token error - see below

2022-03-21T14:15:25.859Z [4571/91294] - info: Initializing NodeBB v1.19.5 https://sudonix.dev
2022-03-21T14:15:27.761Z [4571/91294] - info: [socket.io] Restricting access to origin: https://sudonix.dev:*
2022-03-21T14:15:27.858Z [4571/91294] - warn: [plugins] "@nodebb/nodebb-plugin-user-level" is active but not installed.
(node:91294) Warning: Accessing non-existent property 'padLevels' of module exports inside circular dependency
(Use `node --trace-warnings ...` to show where the warning was created)
2022-03-21T14:15:28.637Z [4571/91294] - warn: [plugins/load] DEPRECATION The hook filter:router.page has been deprecated as of v1.15.3, and slated for removal in v2.1.0. Please use response:router.page instead. The following plugins are still listening for this hook:
  * nodebb-plugin-write-api
2022-03-21T14:15:28.724Z [4571/91294] - info: [plugins/spam-be-gone] Settings loaded
2022-03-21T14:15:28.734Z [4571/91294] - info: [reputation-rules] settings loaded
2022-03-21T14:15:28.925Z [4571/91294] - info: [api] Adding 4 route(s) to `api/v3/plugins`
2022-03-21T14:15:28.936Z [4571/91294] - info: [router] Routes added
2022-03-21T14:15:28.947Z [4571/91294] - info: NodeBB Ready
2022-03-21T14:15:28.948Z [4571/91294] - info: Enabling 'trust proxy'
2022-03-21T14:15:28.950Z [4571/91294] - info: NodeBB is now listening on: 0.0.0.0:4571
2022-03-21T14:15:47.488Z [4571/91294] - error: [plugin/iframely] Could not parse embed: Failed to lookup view "partials/iframely-widget-card" in views directory "/home/sudonix.dev/nodebb/build/public/templates". Url: https://sudonix.com/topic/233/nodebb-welcome-message-with-logo-footer-change/3?_=1645445273209
Missing translation "2factor:title" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:topic_unsolved" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:topic_solved" for language "en-GB"
Missing translation "qanda:menu.solved" for language "en-GB"
Missing translation "qanda:menu.solved" for language "en-GB"
2022-03-21T14:15:48.899Z [4571/91294] - error: POST /logout
invalid csrf token

I've reset all plugins, so it's not that. My nginx config doesn't seem to make much difference in the sense that if I switch proxy_set_header X-Forwarded-Proto https; with proxy_set_header X-Forwarded-Proto $scheme;

This is running on the same server as production, therefore, the port being used is 4571

I've seen multiple posts concerning this, and none of the fixes stated seem to work for me. If I run from another browser, or in incognito mode, nothing changes. Completely unable to login.

phenomlab

Fixed

I should have remembered that this database is from PROD, therefore, the cookie domain would need to be deleted. Issuing db.objects.update({_key: "config"}, {$set: {cookieDomain: ""}}); in the target DB under MongoDB, then restarting nodebb resolved the issue.

Able to login

ufan0

Two months ago, it works.

now I met the error again, and it does't work.

phenomlab

@ufan0 Please see this thread

Invalid CSRF on dev install

@小城风雨多 The command should still work. What is the output?

Sudonix | A one-stop-shop for all your technology questions (sudonix.org)