Invalid CSRF Token
-
where do we set SSL:no. Can you paste your config.json?
-
@codecowboy don't think there is a setting like that. Where did you get that from?
-
@codecowboy As @pichalite has mentioned in the other thread, you'll want to reset the
cookieDomainconfig in your NodeBB.
-
@pichalite SSL:No is mentioned higher up in this thread
-
@codecowboy he just said that he is not using SSL. There is no such setting.
-
@pichalite aha. My bad. I am stupid. Its a curse.
-
I had the exact same issue, I ended up going back to v1.0.3. Lucky me that there was no change in the database so I could just use git checkout v1.0.3 and then run npm install followed by ./nodebb upgrade and everything went back to a working state.
-
I'm using nginx with SSL, had the same issue with login/CSRF Token when migrated from 1.0.3 to 1.1.2, and, as described before but always good to remain, adding this to my nginx config (
/etc/nginx/sites-enabled/defaultin my case) saved my life, thankproxy_set_header X-Forwarded-Proto $scheme;
-
for the record for people finding this via search, for apache2 you have to set this somewhere in your nodebb vhost configuration
with sslRequestHeader set X-Forwarded-Proto "https"without ssl
RequestHeader set X-Forwarded-Proto "http"you might have to enable mod_headers to do so!
-
@phit said in Invalid CSRF Token:
for the record for people finding this via search, for apache2 you have to set this somewhere in your nodebb vhost configuration
Thank you very much. This really made my day !!!
