Problem with invalid csrf token on registration/login

jminer

I am running a nodebb 1.15.0 system on Ubuntu 20 on nginx. It's a newer install and we've had an occasional issue on both registration and login where folks will get a message denying their login or registration.

2020-11-12T06:11:19.312Z [4567/17870] - error: /register
invalid csrf token

or

2020-11-12T06:11:13.910Z [4567/17870] - error: /login
invalid csrf token

Frequently a refresh on the browser will let a user login or sometimes just waiting a few minutes.

Here's my config.json

{
"url": "https://opposite-lock.com",
"secret": "secret",
"database": "mongo",
"port": "4567",
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "nodebb",
"password": "secret",
"database": "nodebb",
"uri": ""
}

}

Nginx config

server {

server_name opposite-lock.com;

client_max_body_size 100M;

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;

    proxy_pass http://127.0.0.1:4567;
    proxy_redirect off;

    # Socket.IO Support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/opposite-lock.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/opposite-lock.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = opposite-lock.com) {
return 301 https://$host$request_uri;
} # managed by Certbot

listen 80;

server_name opposite-lock.com;
return 404; # managed by Certbot

}

Any help would be very much appreciated!