Upgrading to 6.0... CSRF token error. [solved]

General Discussion
  • @kevin 0.6.0 isn't considered stable, so may introduce new issues that still require fixes. If you're only testing, then by all means use 0.6.0 to see how it performs, but if you're running an environment, and 0.6.0 doesn't work for you, you can't go back to 0.5.x. Your mileage will vary when it comes to using 0.6.0, support will usually only come from the devs, as I can't think of many other community reps that run latest in production.

    Caveats, you may run into issues upgrading, read the errors, they'll tell you the issue (usually). Plugins that you currently use will need updating to the 0.6.0 versions (@latest) on npm, plugins you rely on may not yet be ported to 0.6.0.

    If you're happy with all of those warnings:

    In your nodebb folder.

    git checkout master
    git pull
    ./nodebb upgrade
    ./nodebb restart

    If you've made any changes to core nodebb or it's themes, you may get an error at the git pull stage, you will need to handle those changes, either via a stash or merge. I personally use stash, as I run a relatively vanilla NodeBB.

    Hope that helps.

    This could probably be a life bible for everyone that is thinking of using Master, just replace the version numbers as required. 😆

  • @a_5mith
    yep, while trying to install 6.0 it broke the whole website. lol. How do I downgrade?

  • Depends how it broke. If you've upgraded the database, there is no going back unless you backed up your database before upgrading.

    What errors do you see? Most likely a plugin you installed needs upgrading.

  • @kevin as Julian said (and me in my first post actually), you don't. That's why its considered unstable/development. Look through your logs, for where it failed and post here. It will say something like can not find x of undefined or something, then the line below will be the location, if the location is a plugin you've installed, run npm install [email protected]

    Do this for each error.

  • I cant log in, I just get "Failed login attempt, please try again. Forbidden"

    24/11 21:47 [3644] - error: /login
     Error: invalid csrf token
    at module.exports (/root/nodebb/node_modules/csurf/node_modules/http-errors/index.js:32:16)
    at verifytoken (/root/nodebb/node_modules/csurf/index.js:237:11)
    at csrf (/root/nodebb/node_modules/csurf/index.js:100:7)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at next (/root/nodebb/node_modules/express/lib/router/route.js:100:13)
    at Route.dispatch (/root/nodebb/node_modules/express/lib/router/route.js:81:3)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at /root/nodebb/node_modules/express/lib/router/index.js:235:24
    at Function.proto.process_params (/root/nodebb/node_modules/express/lib/router/index.js:313:12)
    at /root/nodebb/node_modules/express/lib/router/index.js:229:12
    

    and also can't register either.

    24/11 22:39 [1094] - error: /register
    Error: invalid csrf token
    at module.exports (/root/nodebb/node_modules/csurf/node_modules/http-errors/index.js:32:16)
    at verifytoken (/root/nodebb/node_modules/csurf/index.js:237:11)
    at csrf (/root/nodebb/node_modules/csurf/index.js:100:7)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at next (/root/nodebb/node_modules/express/lib/router/route.js:100:13)
    at Route.dispatch (/root/nodebb/node_modules/express/lib/router/route.js:81:3)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at /root/nodebb/node_modules/express/lib/router/index.js:235:24
    at Function.proto.process_params (/root/nodebb/node_modules/express/lib/router/index.js:313:12)
    at /root/nodebb/node_modules/express/lib/router/index.js:229:12
    
  • Fixed. Had to remove all the <input CSRF> references in login.tpl, register.tpl and the header.tpl.

  • @kevin It sounds like your vanilla and lavender theme packages were not updated along with core.

  • Oho! That might be the issue with my plugin as Im running a sloppily forked theme.

  • Sadly, i don't seem to be able to verify this. But it was a good excuse to prune presently duplicate files from my theme.

    It appears that something has broken my plugin as well as the imgur plugin I based it on.

    I suspect this error is relevant

    warn: [hotswap] Could not find router in stack with hotswapId auth

    or this one:

    warn: [hotswap] Could not find router in stack with hotswapId plugins

    I'm still digging through the plugin changes.

    Running HEAD as of about half an hour ago.

  • And yes, cleaning out the stale, stray files from when I originally cloned off of vanilla fixed the csrf issues I was having.


Suggested Topics


  • 0 Votes
    2 Posts
    272 Views
  • 0 Votes
    2 Posts
    554 Views
  • 0 Votes
    1 Posts
    1656 Views
  • 0 Votes
    12 Posts
    5822 Views
  • Proxy Error

    General Discussion
    0 Votes
    3 Posts
    1599 Views