Invalid CSRF Token

codecowboy

@pichalite

where do we set SSL:no. Can you paste your config.json?

pichalite

@codecowboy don't think there is a setting like that. Where did you get that from?

julian

@codecowboy As @pichalite has mentioned in the other thread, you'll want to reset the cookieDomain config in your NodeBB.

codecowboy

@pichalite SSL:No is mentioned higher up in this thread

pichalite

@codecowboy he just said that he is not using SSL. There is no such setting.

codecowboy

@pichalite aha. My bad. I am stupid. Its a curse.

Peter-Zoltan Keresztes

I had the exact same issue, I ended up going back to v1.0.3. Lucky me that there was no change in the database so I could just use git checkout v1.0.3 and then run npm install followed by ./nodebb upgrade and everything went back to a working state.

Charly86

I'm using nginx with SSL, had the same issue with login/CSRF Token when migrated from 1.0.3 to 1.1.2, and, as described before but always good to remain, adding this to my nginx config (/etc/nginx/sites-enabled/default in my case) saved my life, thank

proxy_set_header X-Forwarded-Proto $scheme;

phit

for the record for people finding this via search, for apache2 you have to set this somewhere in your nodebb vhost configuration
with ssl

RequestHeader set X-Forwarded-Proto "https"

without ssl

RequestHeader set X-Forwarded-Proto "http"

you might have to enable mod_headers to do so!

Hans

@phit said in Invalid CSRF Token:

for the record for people finding this via search, for apache2 you have to set this somewhere in your nodebb vhost configuration

Thank you very much. This really made my day !!!