@baris Oh God, thank you. After a big journey to get here, finally I could see it working. I almost gave up. I appreciate your support.
Invalid CSRF on dev install
Solved
Technical Support
-
Hi. I've setup a new domain at https://sudonix.dev to mirror my production domain of https://sudonix.com. I've completed the installation, recovered the database, and now have the dread
invalid csrf tokenerror - see below2022-03-21T14:15:25.859Z [4571/91294] - info: Initializing NodeBB v1.19.5 https://sudonix.dev 2022-03-21T14:15:27.761Z [4571/91294] - info: [socket.io] Restricting access to origin: https://sudonix.dev:* 2022-03-21T14:15:27.858Z [4571/91294] - warn: [plugins] "@nodebb/nodebb-plugin-user-level" is active but not installed. (node:91294) Warning: Accessing non-existent property 'padLevels' of module exports inside circular dependency (Use `node --trace-warnings ...` to show where the warning was created) 2022-03-21T14:15:28.637Z [4571/91294] - warn: [plugins/load] DEPRECATION The hook filter:router.page has been deprecated as of v1.15.3, and slated for removal in v2.1.0. Please use response:router.page instead. The following plugins are still listening for this hook: * nodebb-plugin-write-api 2022-03-21T14:15:28.724Z [4571/91294] - info: [plugins/spam-be-gone] Settings loaded 2022-03-21T14:15:28.734Z [4571/91294] - info: [reputation-rules] settings loaded 2022-03-21T14:15:28.925Z [4571/91294] - info: [api] Adding 4 route(s) to `api/v3/plugins` 2022-03-21T14:15:28.936Z [4571/91294] - info: [router] Routes added 2022-03-21T14:15:28.947Z [4571/91294] - info: NodeBB Ready 2022-03-21T14:15:28.948Z [4571/91294] - info: Enabling 'trust proxy' 2022-03-21T14:15:28.950Z [4571/91294] - info: NodeBB is now listening on: 0.0.0.0:4571 2022-03-21T14:15:47.488Z [4571/91294] - error: [plugin/iframely] Could not parse embed: Failed to lookup view "partials/iframely-widget-card" in views directory "/home/sudonix.dev/nodebb/build/public/templates". Url: https://sudonix.com/topic/233/nodebb-welcome-message-with-logo-footer-change/3?_=1645445273209 Missing translation "2factor:title" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_unsolved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:menu.solved" for language "en-GB" Missing translation "qanda:menu.solved" for language "en-GB" 2022-03-21T14:15:48.899Z [4571/91294] - error: POST /logout invalid csrf tokenI've reset all plugins, so it's not that. My
nginxconfig doesn't seem to make much difference in the sense that if I switchproxy_set_header X-Forwarded-Proto https;withproxy_set_header X-Forwarded-Proto $scheme;This is running on the same server as production, therefore, the port being used is
4571I've seen multiple posts concerning this, and none of the fixes stated seem to work for me. If I run from another browser, or in incognito mode, nothing changes. Completely unable to login.
-
Fixed
I should have remembered that this database is from PROD, therefore, the cookie domain would need to be deleted. Issuing
db.objects.update({_key: "config"}, {$set: {cookieDomain: ""}});in the target DB under MongoDB, then restartingnodebbresolved the issue.Able to login
-
P phenomlab has marked this topic as solved on
