Invalid CSRF token


  • GNU/Linux

    I'm getting 'invalid CSRF token' error and users sometimes can't login. Using version v1.1.2, nginx set as reverse proxy with SSL, header X-Forwarded-Proto set as recommended, cookieDomain is empty, plugins:

    nodebb-plugin-canned-responses
    nodebb-plugin-composer-default
    nodebb-plugin-custom-homepg
    nodebb-plugin-custom-pages
    nodebb-plugin-markdown
    nodebb-plugin-mentions
    nodebb-plugin-merge-subtopics
    nodebb-plugin-solr
    nodebb-plugin-soundpack-default
    nodebb-plugin-sso-facebook
    nodebb-plugin-sso-google
    nodebb-plugin-sso-twitter
    nodebb-plugin-write-api
    nodebb-rewards-essentials
    nodebb-theme-persona
    nodebb-widget-essentials

    Log

     Error: Request aborted
        at onaborted (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:973:15)
        at Immediate._onImmediate (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:1015:9)
        at processImmediate [as _immediateCallback] (timers.js:383:17)
    17/11 11:22 [170] - error: /login
     invalid csrf token
    17/11 11:25 [170] - error: /login
     invalid csrf token
    17/11 11:26 [170] - error: /login
     invalid csrf token
    17/11 11:26 [170] - error: /login
     invalid csrf token
    17/11 11:28 [170] - error: /login
     invalid csrf token
    17/11 11:29 [170] - error: /login
     invalid csrf token
    17/11 11:29 [170] - error: /login
     invalid csrf token
    17/11 11:32 [170] - error: /login
     invalid csrf token
    17/11 11:34 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:36 [170] - error: /login
     invalid csrf token
    17/11 11:36 [170] - error: /login
     invalid csrf token
    17/11 11:36 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:50 [170] - error: /login
     invalid csrf token
    17/11 11:51 [170] - error: /login
     invalid csrf token
    17/11 13:53 [170] - error: /login
     invalid csrf token
    17/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    17/11 18:36 [170] - warn: Flooding detected! Calls : 101, Duration : 5627
    17/11 18:36 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    17/11 22:05 [170] - warn: Flooding detected! Calls : 101, Duration : 6061
    17/11 22:05 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    17/11 22:45 [170] - error: /login
     invalid csrf token
    18/11 12:31 [170] - error: /login
     invalid csrf token
    18/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    19/11 10:29 [170] - error: /plugins/nodebb-plugin-markdown/styles/railscasts.css
     Error: Request aborted
        at onaborted (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:973:15)
        at Immediate._onImmediate (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:1015:9)
        at processImmediate [as _immediateCallback] (timers.js:383:17)
    19/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    19/11 17:43 [170] - error: /login
     invalid csrf token
    20/11 14:15 [170] - error: /login
     invalid csrf token
    20/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    20/11 22:26 [170] - error: /login
     invalid csrf token
    21/11 07:02 [170] - error: /login
     invalid csrf token
    21/11 11:42 [170] - error: /login
     invalid csrf token
    21/11 11:43 [170] - error: /login
     invalid csrf token
    21/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    21/11 19:13 [170] - error: /login
     invalid csrf token
    21/11 19:51 [170] - error: /logout
     invalid csrf token
    21/11 19:51 [170] - error: /logout
     invalid csrf token
    21/11 19:52 [170] - warn: Flooding detected! Calls : 101, Duration : 4962
    21/11 19:52 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    21/11 21:03 [170] - error: /login
     invalid csrf token
    21/11 21:04 [170] - error: /login
     invalid csrf token
    21/11 21:05 [170] - error: /logout
     invalid csrf token
    21/11 21:05 [170] - error: /logout
     invalid csrf token
    22/11 08:18 [170] - error: /api/post/upload
     invalid csrf token
    22/11 08:18 [170] - error: /api/post/upload
     invalid csrf token
    22/11 08:49 [170] - error: /logout
     invalid csrf token
    22/11 10:04 [170] - error: /login
     invalid csrf token
    22/11 10:10 [170] - error: /login
     invalid csrf token
    22/11 10:10 [170] - error: /login
     invalid csrf token
    22/11 11:23 [170] - error: /login
     invalid csrf token
    22/11 11:26 [170] - error: /login
     invalid csrf token
    22/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    23/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    24/11 07:47 [170] - warn: Flooding detected! Calls : 101, Duration : 9185
    24/11 07:47 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet```
    
    Any ideas?

  • Admin

    @metalkramp Hmm... sometimes? That's odd.

    If you have a solid set of reproduction steps, that would go a long way in figuring out what is wrong.


  • GNU/Linux

    @julian Error seems to be occuring mostly to users using Safari (both mobile and desktop - MacOS). I don't have access to server right now, but will post additional data ASAP.


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.