Update: I found the issue, the Nginx configuration for proxy_set_header X-Forwarded-Proto $scheme;
needed to be added to the definition.
S
Steveorevo
@Steveorevo
Posts
-
csrf invalid - socket.io -
csrf invalid - socket.ioGetting this same issue on local testing box. Fresh install of nodeBB v3.4.2's ./nodebb log says:
2023-09-15T00:55:23.673Z [50009/3928] - error: POST /login invalid csrf token
Web browser console says says:
https://test7.dev.cc/socket.io/?_csrf=6a4d4c...43eb&EIO=4&transport=polling&t=OgMM4ww Failed to load resource: the server responded with a status of 403 ()
config.json is pretty straightforward, granted I'm using PostgreSQL which isn't really well documented here. Had success with nodeBB 2.X, 3.X supported?
{ "url": "https://test7.dev.cc", "port": "50009", "bind_address": "127.0.0.1", "secret": "579e7ab9f9b57859734b15638a485e31", "database": "postgres", "postgres": { "host": "127.0.0.1", "port": "5432", "username": "pws_nodebb", "password": "NBpass123", "database": "pws_nodebb", "ssl": "false" } }
Nginx configuration is pretty straight forward. Works with ExpressJS, and websocket-y apps (NodeRED, etc.) without issue:
location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_pass http://127.0.0.1:$nodebb_port; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; }
Not really sure what to make of it other than the subfolder /socket.io/ seems kinda interesting; is it attempting to establish a websocket with a subfolder URL definition? Not sure if that elicits further location definitions in Nginx.
Any suggestions greatly appreciated.