Invalid CSRF Token
-
Our old friend, invalid CSRF token is back.
NodeBB v1.1.0
Git commit: 296dc77c7bb2bbf92f711089d77e4f32f729951f
Redis 3.0.7
So far, I've tried 1) different browsers and 2) clearing out the individual cookies related to the domain.
Plugins:
- nodebb-theme-persona
- nodebb-plugin-markdown
- nodebb-plugin-mentions
- nodebb-plugin-spam-be-gone
- nodebb-widget-essentials
- nodebb-rewards-essentials
- nodebb-plugin-reddit
- nodebb-plugin-soundpack-default
- nodebb-plugin-emoji-extended
- nodebb-plugin-rss
- nodebb-plugin-twitter
- nodebb-plugin-desktop-notifications
- nodebb-plugin-question-and-answer
- nodebb-plugin-sso-google-confirmed
- nodebb-plugin-dbsearch
- nodebb-plugin-sso-dropbox
- nodebb-plugin-custom-pages
- nodebb-plugin-twitch
- nodebb-plugin-write-api
- nodebb-plugin-youtube-lite
- nodebb-plugin-emailer-mandrill
- nodebb-plugin-vimeo
- nodebb-plugin-newuser-invitation
- nodebb-plugin-gravatar
- nodebb-plugin-imgur
- nodebb-plugin-codeinput
- nodebb-plugin-composer-redactor
- nodebb-plugin-header-extend
- nodebb-plugin-poll
- nodebb-plugin-soundcloud
- nodebb-plugin-sso-github
- nodebb-plugin-sso-google
I've tried resetting all the plugins as well, but this error persists:
Any ideas??
-
@Guiri follow the instructions here... https://github.com/NodeBB/NodeBB/issues/4734
-
@pichalite TY
-
Hi, I have the same issue as you, it started a few weeks ago.
Yesterday I had a reported case of "Invalid-session"
- nodebb-plugin-asset-manager
- nodebb-plugin-composer-embedly
- nodebb-plugin-emailer-sendgrid
- nodebb-plugin-embed-videos
- nodebb-plugin-emoji-extended
- nodebb-plugin-emoji-one
- nodebb-plugin-iframely
- nodebb-plugin-markdown
- nodebb-plugin-mentions
- nodebb-plugin-newsletter
- nodebb-plugin-newuser-invitation
- nodebb-plugin-ns-awards
- nodebb-plugin-poll
- nodebb-plugin-rss
- nodebb-plugin-s3-uploads-updated
- nodebb-plugin-slack-extended
- nodebb-plugin-soundpack-default
- nodebb-plugin-videoplayer
- nodebb-rewards-essentials
- nodebb-theme-persona
- nodebb-widget-essentials
- nodebb-widget-ns-stats
We have the same:
- nodebb-theme-persona
- nodebb-plugin-markdown
- nodebb-plugin-mentions
- nodebb-widget-essentials
- nodebb-rewards-essentials
- nodebb-plugin-soundpack-default
- nodebb-plugin-emoji-extended
- nodebb-plugin-rss
- nodebb-plugin-newuser-invitation
-
I have met the same problem!
"csrf-invalid": "We were unable to log you in, likely due to an expired session. Please try again"
I tried clearing all of Chrome's cache and cookies, but it still happened!
NodeBB: V1.1.0 in github tag
MongoDB: 3.2.7
SSL: no
Upgraded from: fresh installed
-
@Jam said in Invalid CSRF Token:
SSL: no
Although you have SSL set to no, have you tried to resolve this problem by adding
proxy_set_header X-Forwarded-Proto $scheme;
to your Nginx configuration?
-
@rod thanks, I have added it~
I thought it was not necessary to add
proxy_set_header X-Forwarded-Proto $scheme;
when we did not use SSL with nginx~
-
@Jam Has adding that line resolved your problem?
-
@rod It seems to be working OK so far~
-
Where do we set SSL:no? Can you paste your config.json?
-
@codecowboy don't think there is a setting like that. Where did you get that from?
-
@codecowboy As @pichalite has mentioned in the other thread, you'll want to reset the cookieDomain config in your NodeBB.
-
@pichalite SSL:No is mentioned higher up in this thread
-
@codecowboy he just said that he is not using SSL. There is no such setting.
-
@pichalite aha. My bad. I am stupid. It's a curse.
-
I had the exact same issue, I ended up going back to v1.0.3. Lucky me that there was no change in the database so I could just use git checkout v1.0.3 and then run npm install followed by ./nodebb upgrade and everything went back to a working state.
-
I'm using nginx with SSL, had the same issue with login/CSRF Token when I migrated from 1.0.3 to 1.1.2, and, as described before but always good to remind, adding this to my nginx config (/etc/nginx/sites-enabled/default in my case) saved my life, thanks:
proxy_set_header X-Forwarded-Proto $scheme;
-
For the record, for people finding this via search: for apache2 you have to set this somewhere in your nodebb vhost configuration.
With SSL:
RequestHeader set X-Forwarded-Proto "https"
Without SSL:
RequestHeader set X-Forwarded-Proto "http"
You might have to enable mod_headers to do so!
-
@phit said in Invalid CSRF Token:
for the record for people finding this via search, for apache2 you have to set this somewhere in your nodebb vhost configuration
Thank you very much. This really made my day !!!
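
For the nginx fix discussed in this thread, a small checker added here as an example (it is not part of any post above and not NodeBB code): it lists the blocks in an nginx config that use proxy_pass without an effective X-Forwarded-Proto header, including the case where the header is set at server level but lost because a location defines its own proxy_set_header lines. The function names, the simplified parser (no quoted braces or include handling) and the sample configs with upstream 127.0.0.1:4567 are assumptions made for illustration.

```python
import re

def parse(tokens):
    """Build a tree of (words, children); children is None for a plain directive."""
    items, words = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "}":
            break
        if tok == ";":
            items.append((words, None))
            words = []
        elif tok == "{":
            items.append((words, parse(tokens)))
            words = []
        else:
            words.append(tok)
    return items

def missing_forwarded_proto(conf):
    """Return the blocks that proxy_pass without an effective X-Forwarded-Proto."""
    # Strip comments, then split into braces, semicolons and words.
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    findings = []
    def walk(items, inherited, name):
        own = [w[1].lower() for w, kids in items
               if kids is None and len(w) > 1 and w[0] == "proxy_set_header"]
        # nginx rule: a level that sets any proxy_set_header inherits none from above.
        effective = own or inherited
        proxies = any(kids is None and w[:1] == ["proxy_pass"] for w, kids in items)
        if proxies and "x-forwarded-proto" not in effective:
            findings.append(name)
        for w, kids in items:
            if kids is not None:
                walk(kids, effective, " ".join(w))
    walk(parse(tokens), [], "main")
    return findings

# Constructed samples; 127.0.0.1:4567 stands in for the NodeBB upstream.
SERVER_LEVEL_ONLY = """
server {
    proxy_set_header X-Forwarded-Proto $scheme;   # set here ...
    location / {
        proxy_set_header Host $http_host;         # ... but dropped by this line
        proxy_pass http://127.0.0.1:4567;
    }
}
"""
IN_LOCATION = SERVER_LEVEL_ONLY.replace(
    "Host $http_host;", "Host $http_host; proxy_set_header X-Forwarded-Proto $scheme;")

if __name__ == "__main__":
    print(missing_forwarded_proto(SERVER_LEVEL_ONLY), missing_forwarded_proto(IN_LOCATION))
```

Run it against the text of the vhost file that fronts NodeBB; an empty list means every proxied block sends the header.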