Upgrading to 6.0... CSRF token error. [solved]


  • @a_5mith
    yep, while trying to install 6.0 it broke the whole website. lol. How do I downgrade?

  • GNU/Linux Admin

    Depends how it broke. If you've upgraded the database, there is no going back unless you backed up your database before upgrading.

    What errors do you see? Most likely a plugin you installed needs upgrading.


  • @kevin as Julian said (and me in my first post actually), you don't. That's why its considered unstable/development. Look through your logs, for where it failed and post here. It will say something like can not find x of undefined or something, then the line below will be the location, if the location is a plugin you've installed, run npm install plugin-name@latest

    Do this for each error.


  • I cant log in, I just get "Failed login attempt, please try again. Forbidden"

    24/11 21:47 [3644] - error: /login
     Error: invalid csrf token
    at module.exports (/root/nodebb/node_modules/csurf/node_modules/http-errors/index.js:32:16)
    at verifytoken (/root/nodebb/node_modules/csurf/index.js:237:11)
    at csrf (/root/nodebb/node_modules/csurf/index.js:100:7)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at next (/root/nodebb/node_modules/express/lib/router/route.js:100:13)
    at Route.dispatch (/root/nodebb/node_modules/express/lib/router/route.js:81:3)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at /root/nodebb/node_modules/express/lib/router/index.js:235:24
    at Function.proto.process_params (/root/nodebb/node_modules/express/lib/router/index.js:313:12)
    at /root/nodebb/node_modules/express/lib/router/index.js:229:12
    

    and also can't register either.

    24/11 22:39 [1094] - error: /register
    Error: invalid csrf token
    at module.exports (/root/nodebb/node_modules/csurf/node_modules/http-errors/index.js:32:16)
    at verifytoken (/root/nodebb/node_modules/csurf/index.js:237:11)
    at csrf (/root/nodebb/node_modules/csurf/index.js:100:7)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at next (/root/nodebb/node_modules/express/lib/router/route.js:100:13)
    at Route.dispatch (/root/nodebb/node_modules/express/lib/router/route.js:81:3)
    at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
    at /root/nodebb/node_modules/express/lib/router/index.js:235:24
    at Function.proto.process_params (/root/nodebb/node_modules/express/lib/router/index.js:313:12)
    at /root/nodebb/node_modules/express/lib/router/index.js:229:12

  • Fixed. Had to remove all the <input CSRF> references in login.tpl, register.tpl and the header.tpl.

  • GNU/Linux Admin

    @kevin It sounds like your vanilla and lavender theme packages were not updated along with core.


  • Oho! That might be the issue with my plugin as Im running a sloppily forked theme.


  • Sadly, i don't seem to be able to verify this. But it was a good excuse to prune presently duplicate files from my theme.

    It appears that something has broken my plugin as well as the imgur plugin I based it on.

    I suspect this error is relevant

    warn: [hotswap] Could not find router in stack with hotswapId auth

    or this one:

    warn: [hotswap] Could not find router in stack with hotswapId plugins

    I'm still digging through the plugin changes.

    Running HEAD as of about half an hour ago.



  • And yes, cleaning out the stale, stray files from when I originally cloned off of vanilla fixed the csrf issues I was having.

Suggested Topics

| |