Error: Invalid csrf token thrown when user tries to register or login



  • Sometimes, when a user tries to login or register in the forums, the server throws an Error: Invalid csrf token. I've been able to login on my phone and a friend told me he registered successfully, but another friend said there was an 'internal error' and I've been unable to login from my computer. Any ideas? I've tried rebooting the server multiple times, and this is the third version of NodeBB I've spun up.


  • Global Moderator

    @Quylaa what's your base URL set to in nodebb/config.json?

    Also if you use nginx, check the proxy pass matches that base URL.


  • Admin

    @Quylaa Is your NodeBB crashing often? Every time it crashes, any issued CSRF tokens are invalidated. Check the NodeBB logs (./nodebb log) to see...



  • Sorry for not updating you guys earlier, I was in kind of a rush to get a working install. I ended up reverting to a previous install that worked, albeit we had to run people through the public IP for a while until cloudflare cached the files.



  • I am having the same problem, @julian. I get more and more messages from users saying they can't log in... Any idea how to fix it?

    @Quylaa what's your base URL set to in nodebb/config.json?

    Also if you use nginx, check the proxy pass matches that base URL.

    My proxy pass URL is http://127.0.0.1:4567/ and the one in my nodebb config file is https://forum.magicmirror.builders/ since if I also make them localhost links in the forum start with localhost instead of the real domain is that a problem?



  • Update: I tried this and will report if it helps. Is this new? Haven't seen it when I first configured it.



  • Yes the X-Forwarded-Proto Nginx setting is new for v1.1.0. It was a requirement on master for a while now.


Log in to reply
 

Looks like your connection to NodeBB was lost, please wait while we try to reconnect.