error: /logout invalid csrf token [use ssl, nginx, master branch]



  • Hi, when I try to log in, register, or log out, I get an error like error: /logout
    invalid csrf token and a popup window invalid-session

    I am using today's master branch updates and the latest nginx config from the manual

    #user 'userbb' virtual host 'site.ua' configuration file
    server {
    server_name site.ua www.site.ua;
    listen 172.31.1.100:80;
    return 302 https://$server_name$request_uri;
    }
    server {
    server_name site.ua www.site.ua;

    listen 172.31.1.100:443 ssl spdy;
    
    ssl_certificate "/var/www/httpd-cert/userbb/www.site.ua.crt";
    ssl_certificate_key "/var/www/httpd-cert/userbb/www.site.ua.key";
    
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    
    ssl_prefer_server_ciphers on;
    
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    
        proxy_pass http://127.0.0.1:4567/;
        proxy_redirect off;
    
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    
    gzip on;
    gzip_comp_level 5;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
    

    }

    nodebb config

    {
    "url": "http://site.ua",
    "secret": "a7cc7856-0ed8-446c-90af-eaf7912953a5",
    "database": "redis",
    "redis": {
    "host": "127.0.0.1",
    "port": "6379",
    "password": "",
    "database": "0"
    }
    }

    nodebb log

    22/7 20:40 [26278] - info: NodeBB Ready
    22/7 20:40 [26278] - info: Enabling 'trust proxy'
    22/7 20:40 [26278] - info: NodeBB is now listening on: 0.0.0.0:4567
    22/7 20:40 [26278] - verbose: [sounds] Sounds OK
    22/7 20:40 [26278] - verbose: [meta/blacklist] Loading 0 blacklist rules
    22/7 20:40 [26278] - verbose: [hotswap] Router with id plugins replaced successfully
    22/7 20:40 [26278] - verbose: [plugins] All plugins reloaded and rerouted
    22/7 20:40 [26278] - verbose: [hotswap] Router with id auth replaced successfully
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    22/7 20:41 [26278] - verbose: [user.auth] Revoking session U79wro1pnq6qQj9fYPrz5zmqhYpnx9FE for user 1
    22/7 20:42 [26278] - error: /logout
    invalid csrf token

    Could a trailing slash in the configs (nodebb and nginx) cause this error, or what else could be the reason for it?


  • Plugin & Theme Dev

    @Aqua in NodeBB's config.json set the url property to https://site.ua and restart NodeBB.
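
An added example (not part of the original posts, and not NodeBB code): a Node.js check that compares the `url` in config.json with the nginx vhost that proxies to NodeBB, which is the mismatch the reply above points at. The function names, finding labels and the inlined sample config are constructed for illustration from the configs posted in the thread.

```javascript
// Added example, not NodeBB code. Sample input is constructed from the thread's configs.
const SAMPLE_NGINX = `
server {
    server_name site.ua www.site.ua;
    listen 172.31.1.100:80;
    return 302 https://$server_name$request_uri;
}
server {
    server_name site.ua www.site.ua;
    listen 172.31.1.100:443 ssl spdy;
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:4567/;
    }
}`;

// Split the file into top-level server { ... } bodies by brace matching.
// Assumption: no braces inside quoted strings or comments.
function serverBlocks(conf) {
  const blocks = [];
  const re = /\bserver\s*\{/g;
  while (re.exec(conf) !== null) {
    const start = re.lastIndex;
    let depth = 1, i = start;
    for (; i < conf.length && depth > 0; i++) {
      if (conf[i] === '{') depth++;
      else if (conf[i] === '}') depth--;
    }
    blocks.push(conf.slice(start, i - 1));
    re.lastIndex = i; // continue scanning after this block
  }
  return blocks;
}

// Compare NodeBB's "url" with every vhost that proxies to NodeBB.
function checkConfig(nodebbConfig, nginxConf) {
  const url = new URL(nodebbConfig.url);
  const findings = new Set();
  for (const block of serverBlocks(nginxConf).filter(b => /\bproxy_pass\b/.test(b))) {
    const tls = /\blisten\s+[^;]*\bssl\b/.test(block);
    const names = (block.match(/\bserver_name\s+([^;]+);/) || ['', ''])[1].trim().split(/\s+/);
    if (tls !== (url.protocol === 'https:')) findings.add('scheme-mismatch');
    if (!names.includes(url.hostname)) findings.add('host-mismatch');
    if (!/proxy_set_header\s+X-Forwarded-Proto\s/.test(block)) findings.add('missing-x-forwarded-proto');
    if (!/proxy_set_header\s+Host\s/.test(block)) findings.add('missing-host-header');
  }
  return [...findings];
}

console.log(checkConfig({ url: 'http://site.ua' }, SAMPLE_NGINX));
console.log(checkConfig({ url: 'https://site.ua' }, SAMPLE_NGINX));
```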



  • Dear friend, I tried changing config.json to https, but the error has remained. See the screenshot below



  • I am also having this problem. I did a clean install (I am using Heroku) and the error still shows up. The log simply says "invalid csrf token".
    After trying for a while I was somehow able to log in. But new users keep facing this issue.



  • No fresh ideas? I am ready to experiment to solve the error.



  • I had this issue too; once I added the proper rule to apache/nginx it was fine.

