Invalid CSRF Token (docker kubernetes, no Nginx)



  • I'm running a nodebb 1.0.0 forum on a docker/kubernetes stack and it works until I try to log in. When I try to log in I get "invalid csrf token" in the logs and "forbidden" in the browser. On the nodebb forum (https://community.nodebb.org/topic/9222/invalid-csrf-token/6) it's written to add "proxy_set_header X-Forwarded-Proto $scheme;" to your Nginx configuration, but I have no Nginx. I'd like to know whether there is a place in the nodebb configuration to add this.

    Locally, when I was running this through docker on ubuntu with all the same ports exposed on localhost, like localhost:4567, it worked fine. But now inside docker it's still localhost:4567, but the external dns for it is like http://kubernetes-hack-qwe.zasdfg.int:31955/. Requests for this dns and port go to my kubernetes service with port 31955, and this port then sends this to docker with port 4567. I have no nginx involved anywhere. How can I make login work in my case?



  • edit config.json and set the url parameter to "http://kubernetes-hack-qwe.zasdfg.int:31955"


  • Admin

    url property in config.json should not have a trailing /



  • @phit @baris it's
    "url" : "http://kubernetes-hack-qwe.zasdfg.int:31955"

    still have the same issue.



  • @baris Also for the POST request during login I don't see any tokens:

    Request URL:http://kubernetes-hack-dev.acomcloud.int:31955/login
    Request Method:POST
    Status Code:403 Forbidden
    Remote Address:10.15.1.190:31955

    Response Headers:
    Access-Control-Allow-Origin:null
    Connection:keep-alive
    Content-Length:9
    Content-Type:text/plain; charset=utf-8
    Date:Thu, 05 Jan 2017 15:43:23 GMT
    ETag:W/"9-cilpV3qWyjlT6E49lJ3ugQ"
    Vary:Accept-Encoding
    X-Frame-Options:SAMEORIGIN
    X-Powered-By:NodeBB

    Request Headers:
    Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Encoding:gzip, deflate
    Accept-Language:en-US,en;q=0.8,ru;q=0.6
    Cache-Control:no-cache
    Connection:keep-alive
    Content-Length:46
    Content-Type:application/x-www-form-urlencoded
    Cookie:express.sid=s%3AD9OO1t1_OEyIlkt6A0K4wdo9b1TCTJZ-.ZTzcwSu686tHghVwWUqJOaIwZ3zxVbg4VX5PF8YCPFA
    Host:kubernetes-hack-dev.acomcloud.int:31955
    Origin:http://kubernetes-hack-dev.acomcloud.int:31955
    Pragma:no-cache
    Referer:http://kubernetes-hack-dev.acomcloud.int:31955/login
    Upgrade-Insecure-Requests:1
    User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

    Form Data
    username:admin
    password:zasdf@2
    remember:on


  • Admin

    > and this port then sends this to docker with port 4567. I have no nginx involved anywhere. How can I make login work in my case?

    I'm not familiar with Docker, but something is acting as reverse proxy. You'll have to figure out what it is, and add that header in appropriately.
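
One way to check a captured login request for the conditions raised in this thread, added here as an example and not part of the original posts or NodeBB's code. It assumes the CSRF token is looked up in the `_csrf` form field or the listed headers (the csurf middleware's defaults); `diagnoseLogin`, the finding names and the `forum.example.int` sample request are constructed for illustration.

```javascript
'use strict';
// Added diagnostic sketch, not NodeBB code. Assumption: the CSRF token is read
// from the "_csrf" form field or one of these headers (csurf middleware defaults).
const TOKEN_HEADERS = ['csrf-token', 'xsrf-token', 'x-csrf-token', 'x-xsrf-token'];
const PROXY_HINTS = ['x-forwarded-for', 'x-forwarded-host', 'forwarded', 'via'];

// headers: request headers as an object; body: raw urlencoded form body;
// configuredUrl: the "url" value from config.json.
function diagnoseLogin(headers, body, configuredUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const form = new URLSearchParams(body);
  const cfg = new URL(configuredUrl);
  const findings = [];

  // The token must travel with the POST, and the session cookie must come back.
  if (!form.has('_csrf') && !TOKEN_HEADERS.some((n) => h[n])) findings.push('no-csrf-token');
  if (!/(^|;\s*)express\.sid=/.test(h.cookie || '')) findings.push('no-session-cookie');

  // What the browser addressed must agree with the configured public URL.
  if (h.host !== cfg.host) findings.push('host-mismatch');
  if (h.origin && h.origin !== cfg.origin) findings.push('origin-mismatch');

  // Forwarding headers show an HTTP-level proxy in the path; it should also pass the scheme.
  const proto = h['x-forwarded-proto'];
  if (!proto && PROXY_HINTS.some((n) => h[n])) findings.push('proxy-without-x-forwarded-proto');
  if (proto && proto + ':' !== cfg.protocol) findings.push('scheme-mismatch');
  return findings;
}

// Constructed sample modelled on the capture in this thread (placeholder host,
// shortened cookie, password omitted).
const SAMPLE_HEADERS = {
  Host: 'forum.example.int:31955',
  Origin: 'http://forum.example.int:31955',
  Cookie: 'express.sid=s%3Aconstructed-session-id',
  'Content-Type': 'application/x-www-form-urlencoded',
};
const SAMPLE_BODY = 'username=admin&remember=on';

console.log(diagnoseLogin(SAMPLE_HEADERS, SAMPLE_BODY, 'http://forum.example.int:31955'));
```

An empty result means the request carries a token and session cookie and matches the configured URL, so the cause lies elsewhere; a request with no forwarding headers at all suggests nothing in the path is rewriting HTTP.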

