error: /logout invalid csrf token [use ssl, nginx, master branch]
-
Hi, when I try to log in, register and log out I get an error like "error: /logout invalid csrf token" and a popup window "invalid-session".
I use today's master branch updates, and the latest nginx config from the manual
#user 'userbb' virtual host 'site.ua' configuration file
server {
    server_name site.ua www.site.ua;
    listen 172.31.1.100:80;
    return 302 https://$server_name$request_uri;
}
server {
    server_name site.ua www.site.ua;
    listen 172.31.1.100:443 ssl spdy;
    ssl_certificate "/var/www/httpd-cert/userbb/www.site.ua.crt";
    ssl_certificate_key "/var/www/httpd-cert/userbb/www.site.ua.key";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:4567/;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    gzip on;
    gzip_comp_level 5;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
}
nodebb config
{
"url": "http://site.ua",
"secret": "a7cc7856-0ed8-446c-90af-eaf7912953a5",
"database": "redis",
"redis": {
"host": "127.0.0.1",
"port": "6379",
"password": "",
"database": "0"
}
}
nodebb log
22/7 20:40 [26278] - info: NodeBB Ready
22/7 20:40 [26278] - info: Enabling 'trust proxy'
22/7 20:40 [26278] - info: NodeBB is now listening on: 0.0.0.0:4567
22/7 20:40 [26278] - verbose: [sounds] Sounds OK
22/7 20:40 [26278] - verbose: [meta/blacklist] Loading 0 blacklist rules
22/7 20:40 [26278] - verbose: [hotswap] Router with id plugins replaced successfully
22/7 20:40 [26278] - verbose: [plugins] All plugins reloaded and rerouted
22/7 20:40 [26278] - verbose: [hotswap] Router with id auth replaced successfully
Refused to set unsafe header "User-Agent"
Discarding entity body for GET requests
Refused to set unsafe header "User-Agent"
Discarding entity body for GET requests
Refused to set unsafe header "User-Agent"
Discarding entity body for GET requests
Refused to set unsafe header "User-Agent"
Discarding entity body for GET requests
22/7 20:41 [26278] - verbose: [user.auth] Revoking session U79wro1pnq6qQj9fYPrz5zmqhYpnx9FE for user 1
22/7 20:42 [26278] - error: /logout
invalid csrf token
Could a trailing slash in the configs (nodebb and nginx) affect this error, or what else could be the reason for this error?
-
I had this issue too; once I added the proper rule to apache/nginx it was fine
-
@chrismccoy Could you tell me what is the proper rule?
-
@KevinPan share your current nginx config and make sure your url value in config.json matches exactly the url you're accessing the site with.
-
@KevinPan your problem is not exactly the same, because according to your reply over there, you're using IIS not nginx.
I don't know how to use IIS (don't know if anyone else here does) but you'll need to set the same headers that we do in the example nginx file: https://docs.nodebb.org/configuring/proxies/nginx/#basic-setup
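
The two checks suggested in the replies above (the url value in config.json against the address the site is accessed at, and the proxy headers nginx forwards), written as an added example that is not part of the thread or of NodeBB's code. The function names are hypothetical, the sample input is constructed from the values posted here, and comparing scheme, host and port is this example's reading of "matches".

```python
import json
import re
from urllib.parse import urlsplit

# Headers set in the nginx location block posted in this thread.
PROXY_HEADERS = ("X-Real-IP", "X-Forwarded-For", "X-Forwarded-Proto", "Host")


def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or {"http": 80, "https": 443}.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def check_proxy_setup(config_json, accessed_url, nginx_conf):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    configured = json.loads(config_json)["url"]
    if origin(configured) != origin(accessed_url):
        findings.append(
            f'config.json url "{configured}" does not match "{accessed_url}"')
    # Drop nginx comments, then collect every proxy_set_header name.
    body = re.sub(r"#[^\n]*", "", nginx_conf)
    present = {m.lower() for m in re.findall(r"proxy_set_header\s+(\S+)", body)}
    for header in PROXY_HEADERS:
        if header.lower() not in present:
            findings.append(f"nginx does not set proxy header {header}")
    return findings


# Constructed sample input modelled on the values posted in this thread.
SAMPLE_CONFIG = '{"url": "http://site.ua", "database": "redis"}'
SAMPLE_NGINX = """
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_pass http://127.0.0.1:4567/;
}
"""

if __name__ == "__main__":
    for finding in check_proxy_setup(SAMPLE_CONFIG, "https://site.ua", SAMPLE_NGINX):
        print("FINDING:", finding)
```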