Invalid CSRF token


  • GNU/Linux

    I'm getting 'invalid CSRF token' error and users sometimes can't login. Using version v1.1.2, nginx set as reverse proxy with SSL, header X-Forwarded-Proto set as recommended, cookieDomain is empty, plugins:

    nodebb-plugin-canned-responses
    nodebb-plugin-composer-default
    nodebb-plugin-custom-homepg
    nodebb-plugin-custom-pages
    nodebb-plugin-markdown
    nodebb-plugin-mentions
    nodebb-plugin-merge-subtopics
    nodebb-plugin-solr
    nodebb-plugin-soundpack-default
    nodebb-plugin-sso-facebook
    nodebb-plugin-sso-google
    nodebb-plugin-sso-twitter
    nodebb-plugin-write-api
    nodebb-rewards-essentials
    nodebb-theme-persona
    nodebb-widget-essentials

    Log

     Error: Request aborted
        at onaborted (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:973:15)
        at Immediate._onImmediate (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:1015:9)
        at processImmediate [as _immediateCallback] (timers.js:383:17)
    17/11 11:22 [170] - error: /login
     invalid csrf token
    17/11 11:25 [170] - error: /login
     invalid csrf token
    17/11 11:26 [170] - error: /login
     invalid csrf token
    17/11 11:26 [170] - error: /login
     invalid csrf token
    17/11 11:28 [170] - error: /login
     invalid csrf token
    17/11 11:29 [170] - error: /login
     invalid csrf token
    17/11 11:29 [170] - error: /login
     invalid csrf token
    17/11 11:32 [170] - error: /login
     invalid csrf token
    17/11 11:34 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:36 [170] - error: /login
     invalid csrf token
    17/11 11:36 [170] - error: /login
     invalid csrf token
    17/11 11:36 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:50 [170] - error: /login
     invalid csrf token
    17/11 11:51 [170] - error: /login
     invalid csrf token
    17/11 13:53 [170] - error: /login
     invalid csrf token
    17/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    17/11 18:36 [170] - warn: Flooding detected! Calls : 101, Duration : 5627
    17/11 18:36 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    17/11 22:05 [170] - warn: Flooding detected! Calls : 101, Duration : 6061
    17/11 22:05 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    17/11 22:45 [170] - error: /login
     invalid csrf token
    18/11 12:31 [170] - error: /login
     invalid csrf token
    18/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    19/11 10:29 [170] - error: /plugins/nodebb-plugin-markdown/styles/railscasts.css
     Error: Request aborted
        at onaborted (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:973:15)
        at Immediate._onImmediate (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:1015:9)
        at processImmediate [as _immediateCallback] (timers.js:383:17)
    19/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    19/11 17:43 [170] - error: /login
     invalid csrf token
    20/11 14:15 [170] - error: /login
     invalid csrf token
    20/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    20/11 22:26 [170] - error: /login
     invalid csrf token
    21/11 07:02 [170] - error: /login
     invalid csrf token
    21/11 11:42 [170] - error: /login
     invalid csrf token
    21/11 11:43 [170] - error: /login
     invalid csrf token
    21/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    21/11 19:13 [170] - error: /login
     invalid csrf token
    21/11 19:51 [170] - error: /logout
     invalid csrf token
    21/11 19:51 [170] - error: /logout
     invalid csrf token
    21/11 19:52 [170] - warn: Flooding detected! Calls : 101, Duration : 4962
    21/11 19:52 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    21/11 21:03 [170] - error: /login
     invalid csrf token
    21/11 21:04 [170] - error: /login
     invalid csrf token
    21/11 21:05 [170] - error: /logout
     invalid csrf token
    21/11 21:05 [170] - error: /logout
     invalid csrf token
    22/11 08:18 [170] - error: /api/post/upload
     invalid csrf token
    22/11 08:18 [170] - error: /api/post/upload
     invalid csrf token
    22/11 08:49 [170] - error: /logout
     invalid csrf token
    22/11 10:04 [170] - error: /login
     invalid csrf token
    22/11 10:10 [170] - error: /login
     invalid csrf token
    22/11 10:10 [170] - error: /login
     invalid csrf token
    22/11 11:23 [170] - error: /login
     invalid csrf token
    22/11 11:26 [170] - error: /login
     invalid csrf token
    22/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    23/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    24/11 07:47 [170] - warn: Flooding detected! Calls : 101, Duration : 9185
    24/11 07:47 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet```
    
    Any ideas?

  • Admin

    @metalkramp Hmm... sometimes? That's odd.

    If you have a solid set of reproduction steps, that would go a long way in figuring out what is wrong.


  • GNU/Linux

    @julian Error seems to be occuring mostly to users using Safari (both mobile and desktop - MacOS). I don't have access to server right now, but will post additional data ASAP.


 

| |

Looks like your connection to NodeBB was lost, please wait while we try to reconnect.