csrf token (I tried everything to fix it) [SOLVED]



  • Hello everyone,
    I'm facing the well-known problem about "csrf token" in login and registering...
    I've read a lot of topics about it in this forum and I tried almost everything, except changing proxy...

    I'm using:
    Node v8.12
    NodeBB v1.10.0
    Docker
    Traefik proxy (for docker)

    I've also set Traefik to proxy the injected header field X-FORWARDED-PROTO to https
    for Request and Response.

    This is an example of a response header from the server:

    access-control-allow-credentials: true
    access-control-allow-origin: https://dev.myforum.com
    content-length: 2
    content-type: text/html
    date: Mon, 01 Oct 2018 07:54:45 GMT
    set-cookie: io=7V-i9SkpMxS16NPwAAAJ; Path=/; HttpOnly
    status: 200
    x-forwarded-proto: https
    

    I noticed that io sets the cookie, but it is already expired in 1969...

    This is my config.json file:

    {
        "url": "https://dev.myforum.com",
        "port": 80,
        "database": "mongo",
        "secret": "34564732-4958-4118-8bb4-da85c061a657",
        "mongo": {
            "host": "x.x.x.x",
            "port": "27017",
            "username": "*****",
            "password": "*****",
            "database": "*****"
        },
        "socket.io": {
            "transports": ["polling"]
        },
        "sessionKey": "express.sid"
    }
    

    My mongo config document is:
    (cookieDomain is set to a void value)

    db.objects.find({_key: 'config'});
    
    // collection: objects
    {
    	"_id" : ObjectId("5a9449c688a1c2c5b6a98997"),
    	"_key" : "config",
    	"title" : "NodeBB",
    	"showSiteTitle" : NumberInt("1"),
    	"postDelay" : NumberInt("10"),
    	"initialPostDelay" : NumberInt("10"),
    	"newbiePostDelayThreshold" : NumberInt("3"),
    	"minimumPostLength" : NumberInt("8"),
    	"newbiePostDelay" : NumberInt("120"),
    	"minimumTagsPerTopic" : NumberInt("0"),
    	"maximumTagsPerTopic" : NumberInt("5"),
    	"allowGuestSearching" : NumberInt("0"),
    	"allowTopicsThumbnail" : NumberInt("0"),
    	"registrationType" : "normal",
    	"maximumPostLength" : NumberInt("32767"),
    	"allowAccountDelete" : NumberInt("1"),
    	"allowFileUploads" : NumberInt("0"),
    	"allowLocalLogin" : NumberInt("1"),
    	"allowUserHomePage" : "0",
    	"maximumFileSize" : NumberInt("2048"),
    	"minimumTitleLength" : NumberInt("3"),
    	"maximumTitleLength" : NumberInt("255"),
    	"minimumUsernameLength" : NumberInt("2"),
    	"maximumUsernameLength" : NumberInt("16"),
    	"minimumPasswordLength" : NumberInt("6"),
    	"maximumSignatureLength" : NumberInt("255"),
    	"maximumProfileImageSize" : NumberInt("256"),
    	"profileImageDimension" : NumberInt("128"),
    	"allowProfileImageUploads" : NumberInt("1"),
    	"maximumAboutMeLength" : NumberInt("1000"),
    	"teaserPost" : "last",
    	"requireEmailConfirmation" : NumberInt("0"),
    	"maximumCoverImageSize" : NumberInt("2048"),
    	"allowPrivateGroups" : NumberInt("1"),
    	"theme:type" : "local",
    	"theme:id" : "nodebb-theme-mytheme (deactivated)",
    	"theme:staticDir" : "",
    	"theme:templates" : "",
    	"theme:src" : "",
    	"maximumChatMessageLength" : 9007199254740991,
    	"trackIpPerPost" : NumberInt("1"),
    	"allowGuestHandles" : NumberInt("1"),
    	"profile:allowProfileImageUploads" : (1),
    	"reputation:disabled" : NumberInt("0"),
    	"downvote:disabled" : NumberInt("0"),
    	"allowedFileExtensions" : "png,jpg,bmp",
    	"customHTML" : null,
    	"customJS" : "",
    	"min:rep:downvote" : NumberInt("0"),
    	"min:rep:flag" : NumberInt("0"),
    	"homePageRoute" : "",
    	"homePageCustom" : "/intro",
    	"homePageTitle" : "",
    	"defaultLang" : "it",
    	"autoDetectLang" : "0",
    	"cookieDomain" : ""
    }
    

    What's wrong with my configuration??

    Thanks in advance



  • Ok, I solved it by binding a different port from 80 in my config.json:

    {
        "url": "https://dev.myforum.com",
        "port": 4567,
        "database": "mongo",
        ...
    }
    

    So finally NodeBB sets the express.sid cookie 🙂
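
A check for the symptom in this thread, where the response carries only the `io` cookie and never the session cookie named by `sessionKey`; this is an added example, not code from the posts or from NodeBB. The function names and the "after" sample are constructed, and the headers are assumed to be pasted as `name: value` lines.

```javascript
// Added example (not NodeBB code): does a response set the session cookie
// named by "sessionKey" in config.json? Function names are hypothetical.
function parseSetCookie(line) {
  const body = line.slice(line.indexOf(':') + 1).trim();
  const [pair, ...rest] = body.split(';').map((s) => s.trim());
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf('=');
    attrs[(i < 0 ? part : part.slice(0, i)).toLowerCase()] = i < 0 ? true : part.slice(i + 1);
  }
  const eq = pair.indexOf('=');
  return { name: eq < 0 ? pair : pair.slice(0, eq), value: eq < 0 ? '' : pair.slice(eq + 1), attrs };
}

function auditSessionCookie(headerLines, config) {
  const cookies = headerLines.filter((l) => /^set-cookie\s*:/i.test(l)).map(parseSetCookie);
  const names = cookies.map((c) => c.name);
  const session = cookies.find((c) => c.name === config.sessionKey);
  const findings = [];
  if (!session) {
    // Without a session cookie the server cannot tie a CSRF token to the client.
    findings.push(`"${config.sessionKey}" not set (cookies seen: ${names.join(', ') || 'none'})`);
  } else {
    if (!session.attrs.httponly) findings.push('session cookie lacks HttpOnly');
    if (config.url.startsWith('https://') && !session.attrs.secure) {
      findings.push('session cookie lacks Secure although url is https');
    }
  }
  return { sessionCookieSet: Boolean(session), names, findings };
}

const config = { url: 'https://dev.myforum.com', sessionKey: 'express.sid' };
// Headers quoted in the first post: only socket.io's "io" cookie is present.
const before = [
  'content-type: text/html',
  'set-cookie: io=7V-i9SkpMxS16NPwAAAJ; Path=/; HttpOnly',
  'x-forwarded-proto: https',
];
// Constructed sample of a response after the fix (cookie value is made up).
const after = [
  'set-cookie: express.sid=s%3Aconstructed.value; Path=/; HttpOnly',
];
console.log(auditSessionCookie(before, config));
console.log(auditSessionCookie(after, config));
```

The Secure finding on the constructed "after" sample is a property of that sample, not something the thread reports.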

