Failed login attempt, forbidden, invalid csrf token

amarinelli

I have a fresh install of NodeBB v0.8.1 on Ubuntu (Microsoft Azure VM). Installation and config went smoothly as well as registering a few initial users, etc.

A few hours later new users as well as myself are consistently getting a Forbidden error when trying to login or register a new account.

./nodebb log simply says invalid csrf token for the /register and /login routes.

There have been a few other posts on here spanning the last several months regarding invalid csrf tokens. Some hint at solutions involving DNS propogation or resetting the themes.

Using redis-server 3.0.3
Current theme: Persona v2.1.25
Git hash: 8ff79af6b916b1741f957968f7cab06b68a406b2

Thanks for any ideas.

amarinelli

UPDATE

While troubleshooting an issue with the email plugin, we added our site domain in ACP settings > advanced > domain-settings.

Removing these two domains back to their defaults (blank) immediately solved the invalid csrf token issues.

amarinelli

(can't mark this as Solved ... does a moderator need to do this or are there just issues with Q&A plugin?)

julian

Thanks for the update @amarinelli

Error: Can't send mail - all recipients were rejected: 501 Invalid RCPT TO address provided at SMTPConnection

git fetch fails when trying to upgrade 0.9.3 -> 0.9.4

Login requirement

"Invalid File" error when trying to upload an avatar. Affects all users and all image file types.

CSRF

Solved Failed login attempt, forbidden, invalid csrf token

Suggested Topics

Error: Can't send mail - all recipients were rejected: 501 Invalid RCPT TO address provided at SMTPConnection

git fetch fails when trying to upgrade 0.9.3 -> 0.9.4

Login requirement

"Invalid File" error when trying to upload an avatar. Affects all users and all image file types.

CSRF