_csrf error



  • I receive the following error after my NodeBB is up and running for a few hours. It doesn't seem to be specific to a browser or IP address, either. Is it something with my site configuration that I can fix?

    {"error": "Cannot read property '_csrf' of undefined"}
    

    Node v.0.10.20
    RHEL 6.5 w/ 2.6.32-431.11.2.el6.x86_64
    NodeBB 0.4.2
    Redis server version 2.4.10

    Edit: The site does not render at that point, and the error is printed in plaintext. Could the error be related to unverified user accounts? I just setup Mandrill after I had 2 users register as the local email wasn't working.


  • Admin

    Hmm, what page do you get this error?



  • @psychobunny I believe all pages. Forum and Admin so far.


  • Admin

    @Guiri Hm... can you check the server logs (in logs/output.log) and let me know the full stack trace of the error? Not sure if it'll help...



  • @julian I've uploaded the logs here.

    Looking at it as a novice, it appears I should remove the rss plugin. I also tried changing the Site Name in admin, thinking that it may be conflicting with the production site's csrf cookie somehow, but that didn't help.

    EDIT: Happy to run more tests and upload more logs. Just point me in the right direction.


  • Admin

    Looks like it's time for me to fix the rss plugin 👼


  • Admin

    Updated the rss plugin you shouldn't get those errors when you update.



  • @baris Awesome! Thank you. npm install nodebb-plugin-rss && ./nodebb restart? Also, how can I help you guys dig into the _csrf error? Do you want me to setup another instance on another port on the same machine to see if it's plugin related? Would doing this conflict with the same Redis DB?


  • Admin

    You can run another instance on another redis database just use another number during node app --setup when it asks for database name. When you get that error is redis still running? Try redis-cli and see if you can access, also this might be relevant.



  • @baris I'll setup a second install this evening to test. I did find this on StackOverflow.

    More importantly, issuing sudo service redis stop does reproduce that error. So now I need to figure out why the default redis package on RHEL 6.5 keeps dying.


  • Admin

    @Guiri First stop is /var/log/redis 🙂



  • @julian Yes. Turns out I had to echo 1 > /proc/sys/vm/overcommit_memory. The forum has been running great!


  • Global Moderator

    Hey @julian, I've just installed NodeBB again on a clean Droplet, following psychobunnys noob guide for reference, and when logging in I got the same error. The page stops at /?loggedin with 500 Internal Server Error, api/config/ also has the same error, removing `/?loggedin' takes me back to the homepage, and I am logged in though.

    I went into NodeBBs logs and saw this node_redis: no callback to send error: ERR unknown command 'pexpire'

    Went into /var/log/redis, the only error in there was about overcommit_memory needing to be set to 1.

    Have I set up a duff droplet on Digital Ocean or something? I've installed NodeBB about 3 or 4 times now, but never had this issue.


  • Admin

    What version is your redis? You can see in the ACP>database. Looks like pexpire is only supported on redis 2.6.0 and up.


  • Global Moderator

    @baris Seems that could be the issue then, as it states my Redis version is 2.2.12.

    Have updated to version 2.8.9. Must have missed a command somewhere. 😕


  • Global Moderator

    Seems it hasn't been fixed. 😕

    I get this running ./nodebb dev

    error: TypeError: Cannot read property 'maxCount' of undefined
    at expandObjBy (/home/a_5mith/35hz/src/settings.js:7:14)
    at /home/a_5mith/35hz/src/settings.js:83:7
    at /home/a_5mith/35hz/src/meta.js:457:5
    at try_callback (/home/a_5mith/35hz/node_modules/redis/index.js:573:9)
    at RedisClient.return_reply (/home/a_5mith/35hz/node_modules/redis/index.js:661:13)
    at ReplyParser.<anonymous> (/home/a_5mith/35hz/node_modules/redis/index.js:309:14)
    at ReplyParser.EventEmitter.emit (events.js:95:17)
    at ReplyParser.send_reply (/home/a_5mith/35hz/node_modules/redis/lib/parser/javascript.js:300:10)
    at ReplyParser.execute (/home/a_5mith/35hz/node_modules/redis/lib/parser/javascript.js:211:22)
    at RedisClient.on_data (/home/a_5mith/35hz/node_modules/redis/index.js:534:27)
    
    
    TypeError: Cannot read property '_csrf' of undefined
    at Object.handle (/home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/middleware/csrf.js:45:28)
     at next (/home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/proto.js:190:15)
     at Object.session [as handle] (/home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/middleware/session.js:218:61)
     at next (/home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/proto.js:190:15)
     at Object.cookieParser [as handle] (/home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/middleware/cookieParser.js:60:5)
    at next (/home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/proto.js:190:15)
    at multipart (/home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/middleware/multipart.js:64:37)
    at /home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:57:9
    at urlencoded (/home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/middleware/urlencoded.js:51:37)
    at /home/a_5mith/35hz/node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:55:7
    

    Oh and redis version is 2.8.4, not 2.8.9. 🙂 Ubuntu version is 14.04 if this helps.

    Oh and everything worked fine until I tried enabling some plugins, installed and enabled, clicked Home to restart nodebb, page didn't change, so tried loading homepage, nada, have reset all plugins, still getting the issue.

    Edit: a quick git pull (1 deletion) & ./nodebb upgrade later and it seems to be ok, one of the plugins seems to be the cause. Trying to figure out which one.


  • Global Moderator

    Culprit seems to be plugin-emoji-extended, although I've no idea why. Enabling that plugin gives me the csrf error, disabling makes the error go away. 😕


  • GNU/Linux

    the first error seems to be my fault: #1517 sorry for that 🍰
    It appears within emoji-extended now because I recently updated to the new settings framework
    But I have no clue what the TypeError: Cannot read property '_csrf' of undefined is about... maybe it disappears when the first one is fixed.


  • Admin

    Just merged the above fix, let me know if your error is fixed after pulling latest


  • Global Moderator

    @psychobunny That's done the trick, no csrf error when enabling emoji-extended. 👍


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.