error: /logout invalid csrf token [use ssl, nginx, master branch]

  • Hi, when I try to log in, register or log out I get an error like error: /logout
    invalid csrf token and a popup window invalid-session

    I use today's master branch updates, and the latest nginx config from the manual

    #user 'userbb' virtual host 'site.ua' configuration file
    server {
    server_name site.ua www.site.ua;
    listen 172.31.1.100:80;
    return 302 https://$server_name$request_uri;
    }
    server {
    server_name site.ua www.site.ua;

    listen 172.31.1.100:443 ssl spdy;
    
    ssl_certificate "/var/www/httpd-cert/userbb/www.site.ua.crt";
    ssl_certificate_key "/var/www/httpd-cert/userbb/www.site.ua.key";
    
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    
    ssl_prefer_server_ciphers on;
    
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    
        proxy_pass http://127.0.0.1:4567/;
        proxy_redirect off;
    
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    
    gzip on;
    gzip_comp_level 5;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
    

    }

    nodebb config

    {
    "url": "http://site.ua",
    "secret": "a7cc7856-0ed8-446c-90af-eaf7912953a5",
    "database": "redis",
    "redis": {
    "host": "127.0.0.1",
    "port": "6379",
    "password": "",
    "database": "0"
    }
    }

    nodebb log

    22/7 20:40 [26278] - info: NodeBB Ready
    22/7 20:40 [26278] - info: Enabling 'trust proxy'
    22/7 20:40 [26278] - info: NodeBB is now listening on: 0.0.0.0:4567
    22/7 20:40 [26278] - verbose: [sounds] Sounds OK
    22/7 20:40 [26278] - verbose: [meta/blacklist] Loading 0 blacklist rules
    22/7 20:40 [26278] - verbose: [hotswap] Router with id plugins replaced successfully
    22/7 20:40 [26278] - verbose: [plugins] All plugins reloaded and rerouted
    22/7 20:40 [26278] - verbose: [hotswap] Router with id auth replaced successfully
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    22/7 20:41 [26278] - verbose: [user.auth] Revoking session U79wro1pnq6qQj9fYPrz5zmqhYpnx9FE for user 1
    22/7 20:42 [26278] - error: /logout
    invalid csrf token

    Could a trailing slash in the configs (nodebb and nginx) cause this error, or what else could be the reason for it?

  • @Aqua in NodeBB's config.json set the url property to https://site.ua and restart NodeBB.

  • Dear friend, I tried changing config.json to https, but the error remained. See the screenshot below

  • I am also having this problem. Did a clean install (I am using Heroku) and the error still shows up. The log simply says "invalid csrf token"
    After trying for a while I was somehow able to log in. But new users keep facing this issue

  • No fresh ideas? I am ready to experiment to solve the error

  • I had this issue too; once I added the proper rule to apache/nginx it was fine

  • @chrismccoy Could you tell me what is the proper rule?

  • @KevinPan share your current nginx config and make sure your url value in config.json matches exactly the url you're accessing the site with.

  • @PitaJ my problem is exactly the same as this post Double URL problem after login | https in config.json gives session error

    Is there a plan that NodeBB gives the next release?

  • @KevinPan your problem is not exactly the same, because according to your reply over there, you're using IIS not nginx.

    I don't know how to use IIS (don't know if anyone else here does) but you'll need to set the same headers that we do in the example nginx file: https://docs.nodebb.org/configuring/proxies/nginx/#basic-setup
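
The replies in this thread point at two things to verify: that `url` in config.json matches the URL the site is accessed with, and that the proxy sets the forwarding headers. The script below is an added example, not NodeBB code and not part of the original posts; the function names are hypothetical, the header list is taken from the nginx config quoted in the first post, and the sample input is constructed from that same config.

```javascript
// Headers the nginx config quoted in the thread sets on proxied requests.
const PROXY_HEADERS = ['X-Real-IP', 'X-Forwarded-For', 'X-Forwarded-Proto', 'Host'];

// Split nginx text into the bodies of its "server { ... }" blocks by tracking brace depth.
function serverBlocks(text) {
  const blocks = [];
  const re = /\bserver\s*\{/g;
  while (re.exec(text) !== null) {
    const start = re.lastIndex;
    let depth = 1, i = start;
    for (; i < text.length && depth > 0; i++) {
      if (text[i] === '{') depth++;
      else if (text[i] === '}') depth--;
    }
    blocks.push(text.slice(start, i - 1));
    re.lastIndex = i;
  }
  return blocks;
}

// Returns a list of mismatches between config.json and the vhost that proxies to NodeBB.
function checkNodebbProxy(config, nginxText) {
  const url = new URL(config.url);
  const clean = nginxText.replace(/#.*$/gm, ''); // drop nginx comments
  const proxied = serverBlocks(clean).find((b) => /\bproxy_pass\s/.test(b));
  if (!proxied) return ['no server block with proxy_pass found'];
  const problems = [];
  const scheme = /\blisten\s[^;]*\bssl\b/.test(proxied) ? 'https:' : 'http:';
  if (url.protocol !== scheme) {
    problems.push(`config.json url uses ${url.protocol}// but nginx serves ${scheme}//`);
  }
  const names = (/\bserver_name\s+([^;]+);/.exec(proxied) || ['', ''])[1].trim().split(/\s+/);
  if (!names.includes(url.hostname)) {
    problems.push(`config.json host ${url.hostname} is not in server_name (${names.join(' ')})`);
  }
  for (const h of PROXY_HEADERS) {
    const set = new RegExp(`\\bproxy_set_header\\s+${h}\\s`, 'i').test(proxied);
    if (!set) problems.push(`missing proxy_set_header ${h}`);
  }
  return problems;
}

// Constructed sample, trimmed from the config posted in the thread.
const sampleNginx = `
server { server_name site.ua www.site.ua; listen 172.31.1.100:80; return 302 https://$server_name$request_uri; }
server {
  server_name site.ua www.site.ua;
  listen 172.31.1.100:443 ssl spdy;
  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_pass http://127.0.0.1:4567/;
  }
}`;
console.log(checkNodebbProxy({ url: 'http://site.ua' }, sampleNginx));
```

With the `url` value from the first post the check reports the http/https mismatch; with `https://site.ua` it reports nothing.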

