403 error when trying to login

Technical Support
  • I'm getting a 403 response header from Apache when a user tries to log in:

    403 Forbidden
    Connection: Keep-Alive
    Content-Length: 9
    Content-Type: text/plain; charset=utf-8
    Date: Tue, 26 Jul 2016 08:34:17 GMT
    Etag: W/"9-cilpV3qWyjlT6E49lJ3ugQ"
    Keep-Alive: timeout=5, max=100
    Server: Apache
    Set-Cookie: express.sid=s%3AK71RmAAIHxT272nf0UmW0VjrVspvtzjb.z%2BNP27jVVBPjm7IGebypmqLqKlWNQuOpVQY6lKat2RA; Domain=domain.deleted.com; Path=/; Expires=Tue, 09 Aug 2016 08:34:17 GMT; HttpOnly
    Vary: Accept-Encoding
    X-Frame-Options: SAMEORIGIN
    X-Powered-By: Express
    access-control-allow-origin: null
    

    NodeBB version is 1.0.3

    The user facing login screen shows:

    Failed login attempt, please try again.
    
    Forbidden
    

    The NodeBB log shows:

    26/7 09:31 [26144] - error: /login
     invalid csrf token
    

    I have tried:

    Restarting nodebb & apache
    Adding the following to apache config:

    RequestHeader set X-Forwarded-Proto 'https'
    
  • In my particular case, this seems to have been caused by one or all of:

    1. Missing the following request header in Apache:
    <VirtualHost *:80>
        RequestHeader set X-Forwarded-Proto "http"
        …
    </VirtualHost>
    

    I added the above apache directive and restarted apache..

    2.Having the cookieDomain set in the admin panel

    If you cannot log into your forum, the only way to do remove this cookieDomain value is to manually run a DB query to remove it. In my case this was Mongo and I used a GUI client to remove the value.

    A raw query would look something like this:

    db.objects.update({_key: "config"}, {$set: {cookieDomain: ""}});
    

    More info here - https://community.nodebb.org/topic/9196/invalid-session?_=1470286431609&page=1


Suggested Topics


  • 0 Votes
    10 Posts
    560 Views
  • 0 Votes
    1 Posts
    172 Views
  • Registration Error

    Technical Support
    0 Votes
    6 Posts
    1761 Views
  • 0 Votes
    2 Posts
    972 Views
  • docker build 404 error

    Technical Support
    0 Votes
    2 Posts
    765 Views