Invalid CSRF Token
Technical Support
20
Posts
11
Posters
18.3k
Views
5
Watching
-
Our old friend, invalid CSRF token is back.
NodeBB v1.1.0
Git commit:296dc77c7bb2bbf92f711089d77e4f32f729951f
Redis3.0.7So far, I've tried 1) different browsers and 2) clearing out the individual cookies related to the domain.
Plugins:
- nodebb-theme-persona - nodebb-plugin-markdown - nodebb-plugin-mentions - nodebb-plugin-spam-be-gone - nodebb-widget-essentials - nodebb-rewards-essentials - nodebb-plugin-reddit - nodebb-plugin-soundpack-default - nodebb-plugin-emoji-extended - nodebb-plugin-rss - nodebb-plugin-twitter - nodebb-plugin-desktop-notifications - nodebb-plugin-question-and-answer - nodebb-plugin-sso-google-confirmed - nodebb-plugin-dbsearch - nodebb-plugin-sso-dropbox - nodebb-plugin-custom-pages - nodebb-plugin-twitch - nodebb-plugin-write-api - nodebb-plugin-youtube-lite - nodebb-plugin-emailer-mandrill - nodebb-plugin-vimeo - nodebb-plugin-newuser-invitation - nodebb-plugin-gravatar - nodebb-plugin-imgur - nodebb-plugin-codeinput - nodebb-plugin-composer-redactor - nodebb-plugin-header-extend - nodebb-plugin-poll - nodebb-plugin-soundcloud - nodebb-plugin-sso-github - nodebb-plugin-sso-googleI've tried resetting all the plugins as well, but this error persists:
Any ideas??
-
Our old friend, invalid CSRF token is back.
NodeBB v1.1.0
Git commit:296dc77c7bb2bbf92f711089d77e4f32f729951f
Redis3.0.7So far, I've tried 1) different browsers and 2) clearing out the individual cookies related to the domain.
Plugins:
- nodebb-theme-persona - nodebb-plugin-markdown - nodebb-plugin-mentions - nodebb-plugin-spam-be-gone - nodebb-widget-essentials - nodebb-rewards-essentials - nodebb-plugin-reddit - nodebb-plugin-soundpack-default - nodebb-plugin-emoji-extended - nodebb-plugin-rss - nodebb-plugin-twitter - nodebb-plugin-desktop-notifications - nodebb-plugin-question-and-answer - nodebb-plugin-sso-google-confirmed - nodebb-plugin-dbsearch - nodebb-plugin-sso-dropbox - nodebb-plugin-custom-pages - nodebb-plugin-twitch - nodebb-plugin-write-api - nodebb-plugin-youtube-lite - nodebb-plugin-emailer-mandrill - nodebb-plugin-vimeo - nodebb-plugin-newuser-invitation - nodebb-plugin-gravatar - nodebb-plugin-imgur - nodebb-plugin-codeinput - nodebb-plugin-composer-redactor - nodebb-plugin-header-extend - nodebb-plugin-poll - nodebb-plugin-soundcloud - nodebb-plugin-sso-github - nodebb-plugin-sso-googleI've tried resetting all the plugins as well, but this error persists:
Any ideas??
@Guiri follow the instructions here... https://github.com/NodeBB/NodeBB/issues/4734
-
@Guiri follow the instructions here... https://github.com/NodeBB/NodeBB/issues/4734
@pichalite TY
-
Hi, I have the same issue as you, it started a few weeks ago.
Yesterday I have a reported case of "Invalid-session"
- nodebb-plugin-asset-manager - nodebb-plugin-composer-embedly - nodebb-plugin-emailer-sendgrid - nodebb-plugin-embed-videos - nodebb-plugin-emoji-extended - nodebb-plugin-emoji-one - nodebb-plugin-iframely - nodebb-plugin-markdown - nodebb-plugin-mentions - nodebb-plugin-newsletter - nodebb-plugin-newuser-invitation - nodebb-plugin-ns-awards - nodebb-plugin-poll - nodebb-plugin-rss - nodebb-plugin-s3-uploads-updated - nodebb-plugin-slack-extended - nodebb-plugin-soundpack-default - nodebb-plugin-videoplayer - nodebb-rewards-essentials - nodebb-theme-persona - nodebb-widget-essentials - nodebb-widget-ns-statsWe have the same:
- nodebb-theme-persona
- nodebb-plugin-markdown
- nodebb-plugin-mentions - nodebb-widget-essentials
- nodebb-rewards-essentials
- nodebb-plugin-soundpack-default
- nodebb-plugin-emoji-extended
- nodebb-plugin-rss
- nodebb-plugin-newuser-invitation
-
I have met the same problem!
"csrf-invalid": "We were unable to log you in, likely due to an expired session. Please try again"I tried to clean all the cache and cookies of the chrome, but still happened!
NodeBB: V1.1.0 in github tag
Mongodb: 3.2.7
SSL: no
Upgraded from: fresh installed -
I have met the same problem!
"csrf-invalid": "We were unable to log you in, likely due to an expired session. Please try again"I tried to clean all the cache and cookies of the chrome, but still happened!
NodeBB: V1.1.0 in github tag
Mongodb: 3.2.7
SSL: no
Upgraded from: fresh installed -
@Jam said in Invalid CSRF Token:
SSL: no
Although you have SSL set to no, have you tried to resolve this problem by adding
proxy_set_header X-Forwarded-Proto $scheme;to your Nginx configuration? -
@rod thanks, i have added it~
I thought it was no necessary to add
proxy_set_header X-Forwarded-Proto $schemewhen we did not use SSL with nginx~ -
where do we set SSL:no. Can you paste your config.json?
-
where do we set SSL:no. Can you paste your config.json?
-
where do we set SSL:no. Can you paste your config.json?
@codecowboy don't think there is a setting like that. Where did you get that from?
-
@codecowboy As @pichalite has mentioned in the other thread, you'll want to reset the
cookieDomainconfig in your NodeBB. -
@codecowboy don't think there is a setting like that. Where did you get that from?
@pichalite SSL:No is mentioned higher up in this thread
-
@pichalite SSL:No is mentioned higher up in this thread
@codecowboy he just said that he is not using SSL. There is no such setting.
-
@codecowboy he just said that he is not using SSL. There is no such setting.
@pichalite aha. My bad. I am stupid. Its a curse.
-
I had the exact same issue, I ended up going back to v1.0.3. Lucky me that there was no change in the database so I could just use git checkout v1.0.3 and then run npm install followed by ./nodebb upgrade and everything went back to a working state.
-
I'm using nginx with SSL, had the same issue with login/CSRF Token when migrated from 1.0.3 to 1.1.2, and, as described before but always good to remain, adding this to my nginx config (
/etc/nginx/sites-enabled/defaultin my case) saved my life, thankproxy_set_header X-Forwarded-Proto $scheme; -
for the record for people finding this via search, for apache2 you have to set this somewhere in your nodebb vhost configuration
with sslRequestHeader set X-Forwarded-Proto "https"without ssl
RequestHeader set X-Forwarded-Proto "http"you might have to enable mod_headers to do so!
-
for the record for people finding this via search, for apache2 you have to set this somewhere in your nodebb vhost configuration
with sslRequestHeader set X-Forwarded-Proto "https"without ssl
RequestHeader set X-Forwarded-Proto "http"you might have to enable mod_headers to do so!
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login
