Invalid CSRF token

metalkramp

I'm getting 'invalid CSRF token' error and users sometimes can't login. Using version v1.1.2, nginx set as reverse proxy with SSL, header X-Forwarded-Proto set as recommended, cookieDomain is empty, plugins:

nodebb-plugin-canned-responses
nodebb-plugin-composer-default
nodebb-plugin-custom-homepg
nodebb-plugin-custom-pages
nodebb-plugin-markdown
nodebb-plugin-mentions
nodebb-plugin-merge-subtopics
nodebb-plugin-solr
nodebb-plugin-soundpack-default
nodebb-plugin-sso-facebook
nodebb-plugin-sso-google
nodebb-plugin-sso-twitter
nodebb-plugin-write-api
nodebb-rewards-essentials
nodebb-theme-persona
nodebb-widget-essentials

Log

 Error: Request aborted
    at onaborted (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:973:15)
    at Immediate._onImmediate (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:1015:9)
    at processImmediate [as _immediateCallback] (timers.js:383:17)
17/11 11:22 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:25 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:26 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:26 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:28 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:29 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:29 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:32 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:34 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:35 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:36 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:36 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:36 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:37 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:37 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:37 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:37 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:37 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:37 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:37 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:37 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:50 [170] - [31merror[39m: /login
 invalid csrf token
17/11 11:51 [170] - [31merror[39m: /login
 invalid csrf token
17/11 13:53 [170] - [31merror[39m: /login
 invalid csrf token
17/11 17:00 [170] - [32minfo[39m: [user/jobs] Digest (day) scheduling completed.
17/11 18:36 [170] - [33mwarn[39m: Flooding detected! Calls : 101, Duration : 5627
17/11 18:36 [170] - [33mwarn[39m: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
17/11 22:05 [170] - [33mwarn[39m: Flooding detected! Calls : 101, Duration : 6061
17/11 22:05 [170] - [33mwarn[39m: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
17/11 22:45 [170] - [31merror[39m: /login
 invalid csrf token
18/11 12:31 [170] - [31merror[39m: /login
 invalid csrf token
18/11 17:00 [170] - [32minfo[39m: [user/jobs] Digest (day) scheduling completed.
19/11 10:29 [170] - [31merror[39m: /plugins/nodebb-plugin-markdown/styles/railscasts.css
 Error: Request aborted
    at onaborted (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:973:15)
    at Immediate._onImmediate (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:1015:9)
    at processImmediate [as _immediateCallback] (timers.js:383:17)
19/11 17:00 [170] - [32minfo[39m: [user/jobs] Digest (day) scheduling completed.
19/11 17:43 [170] - [31merror[39m: /login
 invalid csrf token
20/11 14:15 [170] - [31merror[39m: /login
 invalid csrf token
20/11 17:00 [170] - [32minfo[39m: [user/jobs] Digest (day) scheduling completed.
20/11 22:26 [170] - [31merror[39m: /login
 invalid csrf token
21/11 07:02 [170] - [31merror[39m: /login
 invalid csrf token
21/11 11:42 [170] - [31merror[39m: /login
 invalid csrf token
21/11 11:43 [170] - [31merror[39m: /login
 invalid csrf token
21/11 17:00 [170] - [32minfo[39m: [user/jobs] Digest (day) scheduling completed.
21/11 19:13 [170] - [31merror[39m: /login
 invalid csrf token
21/11 19:51 [170] - [31merror[39m: /logout
 invalid csrf token
21/11 19:51 [170] - [31merror[39m: /logout
 invalid csrf token
21/11 19:52 [170] - [33mwarn[39m: Flooding detected! Calls : 101, Duration : 4962
21/11 19:52 [170] - [33mwarn[39m: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
21/11 21:03 [170] - [31merror[39m: /login
 invalid csrf token
21/11 21:04 [170] - [31merror[39m: /login
 invalid csrf token
21/11 21:05 [170] - [31merror[39m: /logout
 invalid csrf token
21/11 21:05 [170] - [31merror[39m: /logout
 invalid csrf token
22/11 08:18 [170] - [31merror[39m: /api/post/upload
 invalid csrf token
22/11 08:18 [170] - [31merror[39m: /api/post/upload
 invalid csrf token
22/11 08:49 [170] - [31merror[39m: /logout
 invalid csrf token
22/11 10:04 [170] - [31merror[39m: /login
 invalid csrf token
22/11 10:10 [170] - [31merror[39m: /login
 invalid csrf token
22/11 10:10 [170] - [31merror[39m: /login
 invalid csrf token
22/11 11:23 [170] - [31merror[39m: /login
 invalid csrf token
22/11 11:26 [170] - [31merror[39m: /login
 invalid csrf token
22/11 17:00 [170] - [32minfo[39m: [user/jobs] Digest (day) scheduling completed.
23/11 17:00 [170] - [32minfo[39m: [user/jobs] Digest (day) scheduling completed.
24/11 07:47 [170] - [33mwarn[39m: Flooding detected! Calls : 101, Duration : 9185
24/11 07:47 [170] - [33mwarn[39m: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet```

Any ideas?

julian

@metalkramp Hmm... sometimes? That's odd.

If you have a solid set of reproduction steps, that would go a long way in figuring out what is wrong.

metalkramp

@julian Error seems to be occuring mostly to users using Safari (both mobile and desktop - MacOS). I don't have access to server right now, but will post additional data ASAP.