Upgrading to 6.0... CSRF token error. [solved]

General Discussion
  • @a_5mith
    yep, while trying to install 6.0 it broke the whole website. lol. How do I downgrade?

  • Depends how it broke. If you've upgraded the database, there is no going back unless you backed up your database before upgrading.

    What errors do you see? Most likely a plugin you installed needs upgrading.

  • @kevin as Julian said (and me in my first post actually), you don't. That's why its considered unstable/development. Look through your logs, for where it failed and post here. It will say something like can not find x of undefined or something, then the line below will be the location, if the location is a plugin you've installed, run npm install [email protected]

    Do this for each error.

  • I cant log in, I just get "Failed login attempt, please try again. Forbidden"

    24/11 21:47 [3644] - error: /login
     Error: invalid csrf token
    at module.exports (/root/nodebb/node_modules/csurf/node_modules/http-errors/index.js:32:16)
    at verifytoken (/root/nodebb/node_modules/csurf/index.js:237:11)
    at csrf (/root/nodebb/node_modules/csurf/index.js:100:7)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at next (/root/nodebb/node_modules/express/lib/router/route.js:100:13)
    at Route.dispatch (/root/nodebb/node_modules/express/lib/router/route.js:81:3)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at /root/nodebb/node_modules/express/lib/router/index.js:235:24
    at Function.proto.process_params (/root/nodebb/node_modules/express/lib/router/index.js:313:12)
    at /root/nodebb/node_modules/express/lib/router/index.js:229:12
    

    and also can't register either.

    24/11 22:39 [1094] - error: /register
    Error: invalid csrf token
    at module.exports (/root/nodebb/node_modules/csurf/node_modules/http-errors/index.js:32:16)
    at verifytoken (/root/nodebb/node_modules/csurf/index.js:237:11)
    at csrf (/root/nodebb/node_modules/csurf/index.js:100:7)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at next (/root/nodebb/node_modules/express/lib/router/route.js:100:13)
    at Route.dispatch (/root/nodebb/node_modules/express/lib/router/route.js:81:3)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at /root/nodebb/node_modules/express/lib/router/index.js:235:24
    at Function.proto.process_params (/root/nodebb/node_modules/express/lib/router/index.js:313:12)
    at /root/nodebb/node_modules/express/lib/router/index.js:229:12
    
  • Fixed. Had to remove all the <input CSRF> references in login.tpl, register.tpl and the header.tpl.

  • @kevin It sounds like your vanilla and lavender theme packages were not updated along with core.

  • Oho! That might be the issue with my plugin as Im running a sloppily forked theme.

  • Sadly, i don't seem to be able to verify this. But it was a good excuse to prune presently duplicate files from my theme.

    It appears that something has broken my plugin as well as the imgur plugin I based it on.

    I suspect this error is relevant

    warn: [hotswap] Could not find router in stack with hotswapId auth

    or this one:

    warn: [hotswap] Could not find router in stack with hotswapId plugins

    I'm still digging through the plugin changes.

    Running HEAD as of about half an hour ago.

  • And yes, cleaning out the stale, stray files from when I originally cloned off of vanilla fixed the csrf issues I was having.


Suggested Topics