csrf-invalid when using cloudfront https

  • I'm trying to get my nodebb setup working with SSL using AWS's certificate manager. To do this I'm using AWS Cloudfront. Everything is working wonderfully up until I go to set my site URL in the config.json

    As soon as I change the url from http://forum.example.com to https://forum.example.com I get csrf-invalid errors when trying to login.

    here is my config.json:

        "url": "https://forum.example.com",
        "secret": "MYSECRET",
        "database": "redis",
        "redis": {
            "host": "aws.redis.url",
            "port": "6379",
            "password": "",
            "database": "0"

    Here is my nginx configuration:

    server {
        listen 80;
        server_name forum.example.com;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://io_nodes;
            proxy_redirect off;
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    upstream io_nodes {

    As you can see I have proxy_set_header X-Forwarded-Proto $scheme; as suggested here https://blog.nodebb.org/nodebb-v1-1-0-release/

    What am I missing in my configuration to get this working?

  • Anyone have any advice?

  • Does it matter that your Nginx configuration only defines http (listen 80) and not https (443) yet in your config.json you are saying your forum url is "url": "https://forum.example.com", ?

  • @rod Cloudfront is requesting on port 80. Would do 443 but I don't have access to the raw ssl certificates because I'm using AWS's certificate manager for free wildcard certs.

Suggested Topics

  • 6
  • 5
  • 1
  • 8
  • 4
| | | |