Problem with invalid csrf token on registration/login
-
I am running a nodebb 1.15.0 system on Ubuntu 20 on nginx. It's a newer install and we've had an occasional issue on both registration and login where folks will get a message denying their login or registration.
2020-11-12T06:11:19.312Z [4567/17870] - [31merror[39m: /register
invalid csrf tokenor
2020-11-12T06:11:13.910Z [4567/17870] - [31merror[39m: /login
invalid csrf tokenFrequently a refresh on the browser will let a user login or sometimes just waiting a few minutes.
Here's my config.json
{
"url": "https://opposite-lock.com",
"secret": "secret",
"database": "mongo",
"port": "4567",
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "nodebb",
"password": "secret",
"database": "nodebb",
"uri": ""
}}
Nginx config
server {
server_name opposite-lock.com; client_max_body_size 100M; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:4567; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/opposite-lock.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/opposite-lock.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = opposite-lock.com) {
return 301 https://$host$request_uri;
} # managed by Certbotlisten 80; server_name opposite-lock.com; return 404; # managed by Certbot
}
Any help would be very much appreciated!