Invalid CSRF token

  • I'm getting an 'invalid CSRF token' error and users sometimes can't log in. Using version v1.1.2, nginx set as reverse proxy with SSL, header X-Forwarded-Proto set as recommended, cookieDomain is empty, plugins:

    nodebb-plugin-canned-responses
    nodebb-plugin-composer-default
    nodebb-plugin-custom-homepg
    nodebb-plugin-custom-pages
    nodebb-plugin-markdown
    nodebb-plugin-mentions
    nodebb-plugin-merge-subtopics
    nodebb-plugin-solr
    nodebb-plugin-soundpack-default
    nodebb-plugin-sso-facebook
    nodebb-plugin-sso-google
    nodebb-plugin-sso-twitter
    nodebb-plugin-write-api
    nodebb-rewards-essentials
    nodebb-theme-persona
    nodebb-widget-essentials

    Log

     Error: Request aborted
        at onaborted (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:973:15)
        at Immediate._onImmediate (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:1015:9)
        at processImmediate [as _immediateCallback] (timers.js:383:17)
    17/11 11:22 [170] - error: /login
     invalid csrf token
    17/11 11:25 [170] - error: /login
     invalid csrf token
    17/11 11:26 [170] - error: /login
     invalid csrf token
    17/11 11:26 [170] - error: /login
     invalid csrf token
    17/11 11:28 [170] - error: /login
     invalid csrf token
    17/11 11:29 [170] - error: /login
     invalid csrf token
    17/11 11:29 [170] - error: /login
     invalid csrf token
    17/11 11:32 [170] - error: /login
     invalid csrf token
    17/11 11:34 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:35 [170] - error: /login
     invalid csrf token
    17/11 11:36 [170] - error: /login
     invalid csrf token
    17/11 11:36 [170] - error: /login
     invalid csrf token
    17/11 11:36 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:37 [170] - error: /login
     invalid csrf token
    17/11 11:50 [170] - error: /login
     invalid csrf token
    17/11 11:51 [170] - error: /login
     invalid csrf token
    17/11 13:53 [170] - error: /login
     invalid csrf token
    17/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    17/11 18:36 [170] - warn: Flooding detected! Calls : 101, Duration : 5627
    17/11 18:36 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    17/11 22:05 [170] - warn: Flooding detected! Calls : 101, Duration : 6061
    17/11 22:05 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    17/11 22:45 [170] - error: /login
     invalid csrf token
    18/11 12:31 [170] - error: /login
     invalid csrf token
    18/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    19/11 10:29 [170] - error: /plugins/nodebb-plugin-markdown/styles/railscasts.css
     Error: Request aborted
        at onaborted (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:973:15)
        at Immediate._onImmediate (/opt/nodebb/NodeBB-1.1.2/node_modules/express/lib/response.js:1015:9)
        at processImmediate [as _immediateCallback] (timers.js:383:17)
    19/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    19/11 17:43 [170] - error: /login
     invalid csrf token
    20/11 14:15 [170] - error: /login
     invalid csrf token
    20/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    20/11 22:26 [170] - error: /login
     invalid csrf token
    21/11 07:02 [170] - error: /login
     invalid csrf token
    21/11 11:42 [170] - error: /login
     invalid csrf token
    21/11 11:43 [170] - error: /login
     invalid csrf token
    21/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    21/11 19:13 [170] - error: /login
     invalid csrf token
    21/11 19:51 [170] - error: /logout
     invalid csrf token
    21/11 19:51 [170] - error: /logout
     invalid csrf token
    21/11 19:52 [170] - warn: Flooding detected! Calls : 101, Duration : 4962
    21/11 19:52 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    21/11 21:03 [170] - error: /login
     invalid csrf token
    21/11 21:04 [170] - error: /login
     invalid csrf token
    21/11 21:05 [170] - error: /logout
     invalid csrf token
    21/11 21:05 [170] - error: /logout
     invalid csrf token
    22/11 08:18 [170] - error: /api/post/upload
     invalid csrf token
    22/11 08:18 [170] - error: /api/post/upload
     invalid csrf token
    22/11 08:49 [170] - error: /logout
     invalid csrf token
    22/11 10:04 [170] - error: /login
     invalid csrf token
    22/11 10:10 [170] - error: /login
     invalid csrf token
    22/11 10:10 [170] - error: /login
     invalid csrf token
    22/11 11:23 [170] - error: /login
     invalid csrf token
    22/11 11:26 [170] - error: /login
     invalid csrf token
    22/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    23/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.
    24/11 07:47 [170] - warn: Flooding detected! Calls : 101, Duration : 9185
    24/11 07:47 [170] - warn: [socket.io] Too many emits! Disconnecting uid : 0. Events : topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet,topics.loadMoreFromSet
    
    Any ideas?
  • @metalkramp Hmm... sometimes? That's odd.

    If you have a solid set of reproduction steps, that would go a long way in figuring out what is wrong.

  • @julian Error seems to be occurring mostly to users using Safari (both mobile and desktop - MacOS). I don't have access to the server right now, but will post additional data ASAP.
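
Added example, not part of the original thread and not NodeBB code: a small Node.js script that parses log output in the format quoted in the first post and tallies `invalid csrf token` rejections per route and per minute, so that bursts on state-changing routes such as `/login` stand out during triage. The sample lines are constructed in that format; `parseEntries`, `csrfReport` and `burstThreshold` are names chosen for this example.

```javascript
// Added example. SAMPLE_LOG is constructed in the format of the quoted log.
const SAMPLE_LOG = [
  "17/11 11:35 [170] - error: /login",
  " invalid csrf token",
  "17/11 11:35 [170] - error: /login",
  " invalid csrf token",
  "17/11 11:35 [170] - error: /login",
  " invalid csrf token",
  "17/11 17:00 [170] - info: [user/jobs] Digest (day) scheduling completed.",
  "19/11 10:29 [170] - error: /plugins/nodebb-plugin-markdown/styles/railscasts.css",
  " Error: Request aborted",
  "21/11 19:51 [170] - error: /logout",
  " invalid csrf token",
  "22/11 08:18 [170] - error: /api/post/upload",
  " invalid csrf token",
].join("\n");

// "DD/MM HH:MM [pid] - level: text"; the lines that follow belong to that entry.
const ENTRY = /^\s*(\d{1,2}\/\d{1,2}) (\d{1,2}:\d{2}) \[(\d+)\] - (\w+): (.*)$/;

function parseEntries(text) {
  const entries = [];
  for (const line of text.split(/\r?\n/)) {
    const m = ENTRY.exec(line);
    if (m) {
      entries.push({ minute: `${m[1]} ${m[2]}`, level: m[4], head: m[5].trim(), detail: [] });
    } else if (entries.length && line.trim()) {
      entries[entries.length - 1].detail.push(line.trim()); // message or stack frame
    }
  }
  return entries;
}

// Count CSRF rejections per route; flag minutes with >= burstThreshold of them.
function csrfReport(text, burstThreshold = 3) {
  const byRoute = {}, byMinute = {};
  for (const e of parseEntries(text)) {
    const message = `${e.head} ${e.detail.join(" ")}`.toLowerCase();
    if (e.level !== "error" || !message.includes("invalid csrf token")) continue;
    const route = e.head.split(/\s+/)[0];
    byRoute[route] = (byRoute[route] || 0) + 1;
    byMinute[e.minute] = (byMinute[e.minute] || 0) + 1;
  }
  const bursts = Object.entries(byMinute).filter(([, n]) => n >= burstThreshold)
    .map(([minute, count]) => ({ minute, count }));
  return { byRoute, bursts };
}
console.log(JSON.stringify(csrfReport(SAMPLE_LOG), null, 2));
```

Entries whose detail is something other than the CSRF message, such as the aborted static-file request, are parsed but left out of the counts.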

