csrf-invalid when using cloudfront https



  • I'm trying to get my NodeBB setup working with SSL using AWS's certificate manager. To do this I'm using AWS CloudFront. Everything is working wonderfully up until I go to set my site URL in the config.json.

    As soon as I change the URL from http://forum.example.com to https://forum.example.com I get csrf-invalid errors when trying to log in.

    Here is my config.json:

    {
        "url": "https://forum.example.com",
        "secret": "MYSECRET",
        "database": "redis",
        "redis": {
            "host": "aws.redis.url",
            "port": "6379",
            "password": "",
            "database": "0"
        }
    }
    

    Here is my nginx configuration:

    server {
        listen 80;
        server_name forum.example.com;
    
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
    
            proxy_pass http://io_nodes;
            proxy_redirect off;
    
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
    
    upstream io_nodes {
        ip_hash;
        server 127.0.0.1:4567;
        server 127.0.0.1:4568;
    }
    
    

    As you can see, I have proxy_set_header X-Forwarded-Proto $scheme; as suggested here: https://blog.nodebb.org/nodebb-v1-1-0-release/

    What am I missing in my configuration to get this working?



  • Anyone have any advice?



  • Does it matter that your Nginx configuration only defines http (listen 80) and not https (443), yet in your config.json you are saying your forum URL is "url": "https://forum.example.com"?



  • @rod CloudFront is requesting on port 80. Would do 443 but I don't have access to the raw SSL certificates because I'm using AWS's certificate manager for free wildcard certs.
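
Added example, not part of any post in this thread and not NodeBB or Express source: a small model of the chain described above (HTTPS at CloudFront, an origin fetch on port 80, nginx sending `$scheme` as X-Forwarded-Proto) showing what protocol the app ends up seeing. The function names, the `edge` mode and the cookie rule in `sessionCookieIssued` are assumptions made for illustration.

```javascript
// Added model of the proxy chain in this thread; not NodeBB or Express source.

// Value nginx sends as X-Forwarded-Proto for one incoming request.
// hop.listenerTls: whether the nginx listener that took the request uses TLS.
function nginxForwardedProto(hop, mode) {
  const scheme = hop.listenerTls ? 'https' : 'http'; // what $scheme expands to
  if (mode === 'scheme') return scheme;
  // 'edge' mode (assumption): reuse CloudFront-Forwarded-Proto, which is only
  // present if the distribution is configured to forward it to the origin.
  return hop.headers['cloudfront-forwarded-proto'] || scheme;
}

// Protocol a proxy-trusting app derives, following Express's documented
// req.protocol rule: first value of X-Forwarded-Proto when the proxy is trusted.
function requestProtocol(headers, socketEncrypted, trustProxy) {
  const direct = socketEncrypted ? 'https' : 'http';
  if (!trustProxy) return direct;
  return (headers['x-forwarded-proto'] || direct).split(',')[0].trim();
}

// Assumption: an https:// site URL makes the session cookie Secure, and a
// Secure cookie is only issued on a request judged to be HTTPS.
function sessionCookieIssued(siteUrl, protocol) {
  const secureCookie = new URL(siteUrl).protocol === 'https:';
  return !secureCookie || protocol === 'https';
}

function simulate(siteUrl, hop, mode) {
  const proto = nginxForwardedProto(hop, mode);
  const seen = requestProtocol({ 'x-forwarded-proto': proto }, false, true);
  return { forwardedProto: proto, cookieIssued: sessionCookieIssued(siteUrl, seen) };
}

// Constructed input: browser used HTTPS at the edge, origin fetch hit listen 80.
const hop = { listenerTls: false, headers: { 'cloudfront-forwarded-proto': 'https' } };
console.log(simulate('http://forum.example.com', hop, 'scheme'));
console.log(simulate('https://forum.example.com', hop, 'scheme'));
console.log(simulate('https://forum.example.com', hop, 'edge'));
```

Under these assumptions only the second case issues no session cookie, and a login POST with no stored session has no CSRF token to match, which is consistent with the csrf-invalid error appearing once the URL is switched to https.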


 
