Invalid CSRF Token (docker kubernetes, no Nginx)
-
I'm running a nodebb 1.0.0 forum on a docker/kubernetes stack and it works until I try to log in. When I try to log in I get "invalid csrf token" in the logs and Forbidden in the browser. On the nodebb forum (https://community.nodebb.org/topic/9222/invalid-csrf-token/6) it's written to add "proxy_set_header X-Forwarded-Proto $scheme;" to your Nginx configuration, but I have no Nginx. I'd like to know: is there a place in the nodebb configuration to add this?
Locally, when I was running this through docker on ubuntu with all the same ports exposed on localhost, like localhost:4567, it worked fine. Now inside docker it's still localhost:4567, but the external DNS name for it is like http://kubernetes-hack-qwe.zasdfg.int:31955/. Requests for this DNS name and port go to my kubernetes service with port 31955, and this port then sends this to docker with port 4567. I have no nginx involved anywhere. How can I make login work in my case?
-
edit config.json and set the url parameter to "http://kubernetes-hack-qwe.zasdfg.int:31955"
-
@phit @baris it's
"url" : "http://kubernetes-hack-qwe.zasdfg.int:31955"
still have the same issue.
-
@baris Also for the POST request during login I don't see any tokens:
Request URL:http://kubernetes-hack-dev.acomcloud.int:31955/login
Request Method:POST
Status Code:403 Forbidden
Remote Address:10.15.1.190:31955
Response Headers:
Access-Control-Allow-Origin:null
Connection:keep-alive
Content-Length:9
Content-Type:text/plain; charset=utf-8
Date:Thu, 05 Jan 2017 15:43:23 GMT
ETag:W/"9-cilpV3qWyjlT6E49lJ3ugQ"
Vary:Accept-Encoding
X-Frame-Options:SAMEORIGIN
X-Powered-By:NodeBB
Request Headers:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8,ru;q=0.6
Cache-Control:no-cache
Connection:keep-alive
Content-Length:46
Content-Type:application/x-www-form-urlencoded
Cookie:express.sid=s%3AD9OO1t1_OEyIlkt6A0K4wdo9b1TCTJZ-.ZTzcwSu686tHghVwWUqJOaIwZ3zxVbg4VX5PF8YCPFA
Host:kubernetes-hack-dev.acomcloud.int:31955
Origin:http://kubernetes-hack-dev.acomcloud.int:31955
Pragma:no-cache
Referer:http://kubernetes-hack-dev.acomcloud.int:31955/login
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Form Data
username:admin
password:zasdf@2
remember:on
-
and this port then sends this to docker with port 4567. I have no nginx involved anywhere. How can I make login work in my case?
I'm not familiar with Docker, but something is acting as reverse proxy. You'll have to figure out what it is, and add that header in appropriately.
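
One way to check a captured login request against the points raised in this thread: whether a CSRF token was sent at all, whether the request matches the `url` in config.json, and whether X-Forwarded-Proto is needed. This is an added example, not NodeBB code and not part of any post above; `diagnose`, the finding names and the token locations (a `_csrf` form field or csurf-style headers such as `x-csrf-token`) are assumptions, and the cookie and password values are placeholders.

```javascript
'use strict';
// Added diagnostic sketch, not NodeBB code. Header names a csurf-style check
// reads the token from (assumption about the middleware in use).
const TOKEN_HEADERS = ['csrf-token', 'xsrf-token', 'x-csrf-token', 'x-xsrf-token'];

// configUrl: the "url" value from config.json.
// headers/formBody: one login POST as captured (ideally as seen by the backend).
function diagnose(configUrl, headers, formBody) {
  const findings = [];
  const cfg = new URL(configUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const form = Object.fromEntries(new URLSearchParams(formBody));

  // No token anywhere means the server rejects the POST regardless of proxying.
  if (!form._csrf && !TOKEN_HEADERS.some((n) => h[n])) findings.push('no-csrf-token-in-request');
  // The token is bound to the session, so the session cookie must come back.
  if (!/(^|;\s*)express\.sid=/.test(h.cookie || '')) findings.push('no-session-cookie');
  if (h.origin) {
    const origin = new URL(h.origin);
    if (origin.protocol !== cfg.protocol) findings.push('origin-scheme-differs-from-config-url');
    if (origin.host !== cfg.host) findings.push('origin-host-differs-from-config-url');
  }
  if (h.host && h.host !== cfg.host) findings.push('host-header-differs-from-config-url');
  // Behind a TLS-terminating hop the backend only learns "https" from this header.
  if (cfg.protocol === 'https:' && h['x-forwarded-proto'] !== 'https') {
    findings.push('https-url-but-no-forwarded-proto');
  }
  return findings;
}

// Values as posted in the thread; cookie and password replaced by placeholders.
const SAMPLE_CONFIG_URL = 'http://kubernetes-hack-qwe.zasdfg.int:31955';
const SAMPLE_HEADERS = {
  Host: 'kubernetes-hack-dev.acomcloud.int:31955',
  Origin: 'http://kubernetes-hack-dev.acomcloud.int:31955',
  Cookie: 'express.sid=PLACEHOLDER',
};
const SAMPLE_FORM = 'username=admin&password=PLACEHOLDER&remember=on';

console.log(diagnose(SAMPLE_CONFIG_URL, SAMPLE_HEADERS, SAMPLE_FORM));
```

Feeding it the headers logged on the NodeBB side, rather than the browser's copy, shows what the intermediate hop changed or left out.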