So is there a fix for these csrf errors?

General Discussion
  • I've updated my forum, and noticed a few posts regarding csrf and theme related things.

    15/12 09:47 [3811] - error: /login
    Error: invalid csrf token
    at verifytoken (/home/a_5mith/35hz/node_modules/csurf/index.js:237:11)
    at csrf (/home/a_5mith/35hz/node_modules/csurf/index.js:100:7)
    at Layer.handle [as handle_request] (/home/a_5mith/35hz/node_modules/express/lib/router/layer.js:82:5)
    at next (/home/a_5mith/35hz/node_modules/express/lib/router/route.js:100:13)
    at Route.dispatch (/home/a_5mith/35hz/node_modules/express/lib/router/route.js:81:3)
    at Layer.handle [as handle_request] (/home/a_5mith/35hz/node_modules/express/lib/router/layer.js:82:5)
    at /home/a_5mith/35hz/node_modules/express/lib/router/index.js:235:24
    at Function.proto.process_params (/home/a_5mith/35hz/node_modules/express/lib/router/index.js:313:12)
    at /home/a_5mith/35hz/node_modules/express/lib/router/index.js:229:12
    at Function.match_layer (/home/a_5mith/35hz/node_modules/express/lib/router/index.js:296:3)

    Lavender and Vanilla are latest, the forum still works, it just gives CSRF errors every now and then.

  • Did you remove all of the csrf references in header.tpl, login.tpl, register.tpl?

    Yeah, on second thought, I've seen this in the logs a while back even after I removed all of the csrf inputs.

  • @trevor I just updated NodeBB and the themes, so would assume this had already been done.

  • @a_5mith With NodeBB dont assume anything 😛

Suggested Topics