Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. NodeBB Development
  3. Bug Reports
  4. invalid CSRF token during registration

invalid CSRF token during registration

Scheduled Pinned Locked Moved Bug Reports
4 Posts 2 Posters 718 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • crazycellsC Offline
    crazycellsC Offline
    crazycells
    wrote on last edited by
    #1

    We got some complaints from new users that right after registration, they get an error and see a blank "forbidden" page with a link like this:

    register/complete/?_csrf=XXXXXX

    however when one person deleted the part ?_csrf=XXXXXX... and click the link, he was able to log in... After looking at the logs, I can see these mistakes happening frequently...

    we are currently using 1.18.6, should we upgrade to 1.19 to eliminate these errors?

    2022-01-17T14:48:29.084Z [4567/26963] - error: /forum/register/complete/
invalid csrf token
2022-01-17T16:30:54.666Z [4569/26966] - error: /forum/logout
invalid csrf token
2022-01-17T16:31:59.605Z [4567/26963] - error: /assets/uploads/files/119/1503486526413eyalet-di%C5%9F-okulu-bilgisi.png
Error: Login sessions require session support. Did you forget to use `express-session` middleware?
    at SessionStrategy.authenticate (/home/fsuzer/nodebb/node_modules/passport/lib/strategies/session.js:46:41)
    at attempt (/home/fsuzer/nodebb/node_modules/passport/lib/middleware/authenticate.js:369:16)
    at authenticate (/home/fsuzer/nodebb/node_modules/passport/lib/middleware/authenticate.js:370:7)
    at Layer.handle [as handle_request] (/home/fsuzer/nodebb/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/home/fsuzer/nodebb/node_modules/express/lib/router/index.js:323:13)
    at /home/fsuzer/nodebb/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/home/fsuzer/nodebb/node_modules/express/lib/router/index.js:341:12)
    at next (/home/fsuzer/nodebb/node_modules/express/lib/router/index.js:275:10)
    at initialize (/home/fsuzer/nodebb/node_modules/passport/lib/middleware/initialize.js:89:5)
    at Layer.handle [as handle_request] (/home/fsuzer/nodebb/node_modules/express/lib/router/layer.js:95:5)
2022-01-17T16:36:01.474Z [4567/26963] - error: /forum/api/v3/users/14305/follow
invalid csrf token
2022-01-17T16:48:11.040Z [4568/26964] - error: notifications.getCount
Error: revalidate-failure
    at validateSession (/home/fsuzer/nodebb/src/socket.io/index.js:208:9)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at onMessage (/home/fsuzer/nodebb/src/socket.io/index.js:153:3)
2022-01-17T16:53:59.303Z [4568/26964] - error: /forum/register/complete/
invalid csrf token
2022-01-17T17:00:00.011Z [4568/26964] - info: [user/jobs] Did not send digests (day) because subscription system is disabled.
2022-01-17T17:00:00.024Z [4567/26963] - info: [user/jobs] Did not send digests (day) because subscription system is disabled.
2022-01-17T17:00:43.621Z [4568/26964] - warn: [deprecated]
     at SocketTopics.getTopic (/home/fsuzer/nodebb/src/socket.io/topics.js:99:10)
    at wrapperCallback (/home/fsuzer/nodebb/src/promisify.js:46:11)
    at onMessage (/home/fsuzer/nodebb/src/socket.io/index.js:160:25)
     use GET /api/v3/topics/:tid
2022-01-17T17:00:45.320Z [4568/26964] - warn: [deprecated]
     at SocketTopics.getTopic (/home/fsuzer/nodebb/src/socket.io/topics.js:99:10)
    at wrapperCallback (/home/fsuzer/nodebb/src/promisify.js:46:11)
    at onMessage (/home/fsuzer/nodebb/src/socket.io/index.js:160:25)
     use GET /api/v3/topics/:tid
2022-01-17T17:59:34.773Z [4568/26964] - error: /forum/logout
invalid csrf token
2022-01-17T17:59:37.207Z [4568/26964] - error: /forum/logout
invalid csrf token
2022-01-17T18:01:04.641Z [4568/26964] - error: /forum/logout
invalid csrf token
2022-01-17T18:04:22.743Z [4570/26972] - error: /assets/uploads/files/207/1546969176845e868e8b4-0b1b-4cee-9aef-c3b6b1ecdf3b-image.png
Error: Login sessions require session support. Did you forget to use `express-session` middleware?
    at SessionStrategy.authenticate (/home/fsuzer/nodebb/node_modules/passport/lib/strategies/session.js:46:41)
    at attempt (/home/fsuzer/nodebb/node_modules/passport/lib/middleware/authenticate.js:369:16)
    at authenticate (/home/fsuzer/nodebb/node_modules/passport/lib/middleware/authenticate.js:370:7)
    at Layer.handle [as handle_request] (/home/fsuzer/nodebb/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/home/fsuzer/nodebb/node_modules/express/lib/router/index.js:323:13)
    at /home/fsuzer/nodebb/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/home/fsuzer/nodebb/node_modules/express/lib/router/index.js:341:12)
    at next (/home/fsuzer/nodebb/node_modules/express/lib/router/index.js:275:10)
    at initialize (/home/fsuzer/nodebb/node_modules/passport/lib/middleware/initialize.js:89:5)
    at Layer.handle [as handle_request] (/home/fsuzer/nodebb/node_modules/express/lib/router/layer.js:95:5)
2022-01-17T18:05:04.276Z [4567/26963] - error: meta.rooms.leaveCurrent
Error: revalidate-failure
    at validateSession (/home/fsuzer/nodebb/src/socket.io/index.js:208:9)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at onMessage (/home/fsuzer/nodebb/src/socket.io/index.js:153:3)
2022-01-17T18:06:06.006Z [4568/26964] - error: /forum/register/complete/
invalid csrf token
2022-01-17T18:07:48.857Z [4568/26964] - error: plugins.browsingUsers.getBrowsingUsers
Error: revalidate-failure
    at validateSession (/home/fsuzer/nodebb/src/socket.io/index.js:208:9)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at onMessage (/home/fsuzer/nodebb/src/socket.io/index.js:153:3)
2022-01-17T18:08:15.486Z [4568/26964] - error: /forum/register/complete/
invalid csrf token
2022-01-17T18:08:46.586Z [4568/26964] - error: meta.rooms.leaveCurrent
Error: revalidate-failure
    at validateSession (/home/fsuzer/nodebb/src/socket.io/index.js:208:9)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at onMessage (/home/fsuzer/nodebb/src/socket.io/index.js:153:3)
    crazycellsC 1 Reply Last reply
    1
    • crazycellsC Offline
      crazycellsC Offline
      crazycells
      replied to crazycells on last edited by
      #2

      this is our nginx config file:

      https://pastebin.com/czyS4qDf

      this is our nodebb config file:

      https://pastebin.com/iGCXMmTA

      crazycellsC 1 Reply Last reply
      0
      • crazycellsC Offline
        crazycellsC Offline
        crazycells
        replied to crazycells on last edited by
        #3

        additionally, the main site is WordPress, and NodeBB is installed at /forum

        1 Reply Last reply
        0
        • barisB Offline
          barisB Offline
          <baris> NodeBB
          wrote on last edited by
          #4

          I suggest updating to 1.19.0 and applying this change as well https://github.com/NodeBB/NodeBB/commit/e9ee843b274b1e1f38b992650f3f74f940a20a49.

          After that users might have to clear their cookies and refresh their browsers. Let us know if they still experience csrf errors after those changes.

          1 Reply Last reply
          2

          Copyright © 2024 NodeBB | Contributors
          • Login
          • Don't have an account? Register
          • Login or register to search.
          Powered by NodeBB Contributors
          • First post
            Last post
          0
          • Home
          • Categories
          • Recent
          • Popular
          • World
          • Top
          • Tags
          • Users
          • Groups
          • Documentation
            • Home
            • Read API
            • Write API
            • Plugin Development