CSRF token validation failed #2741
Comments
I did the same thing but on Cloud Foundry a few days ago and it was ok. I did it yesterday and I have the same problem. I tried different commits and it seems that commits after the one with sha 1dd3061 are not ok. |
I am getting the same error.
`all.js:11 POST http://cachet-syui.1d35.starter-us-east-1.openshiftapps.com/setup/step1 400 (Bad Request)`
cachet version 2.4 : https://github.com/syui/Cachet
I am using openshift online (free) and mysql (`oc new-app mysql`). http://cachet-syui.1d35.starter-us-east-1.openshiftapps.com/setup
I have followed most of the steps below.
Setting |
Double fixed in e426eff |
@jbrooksuk I got 500 error. |
Can you share your log file please. |
@jbrooksuk I'm sorry. I was wrong. |
Still same problem. |
Try running As far as I'm aware v2.3 never had this issue. |
Didn't solve it. |
The same here. Clean install and problem with CSRF. |
SESSION_DRIVER from apc to file seems to have fixed it for me. |
Hi there, CSRF error when I try to log in to the dashboard. Any idea? |
+1 on that |
+1 CACHE_DRIVER=file |
I've tried a lot of different things. I keep getting
|
@jbrooksuk can you re-open this issue. |
Maybe @GrahamCampbell or @joecohens can assist as well. |
I'm having the same problem |
Facing the same issue |
I'm also having this issue. |
@urupaud and @shieldheart if using Docker, I was able to resolve by switching from master to the 4.2 branch of CachetHQ/Docker |
Yes, I'm using docker. Did you mean branch 2.4? It already defaults to that anyway. I can't find a 4.2 branch. |
Yes, sorry the 2.4 branch of the Docker repo (not just the 2.4 version of Cachet) - https://github.com/CachetHQ/Docker/tree/2.4 |
If that works for you, then there's something with this last commit on Docker master that's breaking things - cachethq/Docker@522cbd4 |
Alright so the docker-compose.yml file looks for cachet 2.4 but I should clone the 2.4 branch of the Docker repo itself. So you want me to do `git clone -b 2.4 https://github.com/CachetHQ/Docker.git` instead? |
If you've already cloned the repo you can just do |
Ah good to know thanks :) I'll report back in a few minutes. |
Cool, you probably want to |
I'm happy to report that switching to the 2.4 branch worked! |
Great! Can you report that information here - cachethq/Docker#341 |
Done, just trying to figure out if the popups (when you hover over a ? or say a green pip to get more details) not having a black background but it existing in the demo version is an error or not or if CSS is not loading somewhere. |
@jgadbois I'm using the docker file with cachet version as 2.4, this is how I use it:
```
FROM nginx:1.15.12-alpine
EXPOSE 8000
ARG cachet_ver
ENV cachet_ver ${cachet_ver:-2.4}
```
|
How are you disabling the php bug bear bar at the bottom of the site? In my docker-compose.yml file it is set to DEBUG=false |
APP_ENV=production I think.
|
Does not work, unfortunately. |
Try
APP_ENV=production
APP_DEBUG=false
|
That worked. Makes me wonder if the default "DEBUG=false" is a typo then. If you check the Repo for the docker version, it's in the docker-compose.yml file. If you spin up a working version with branch 2.4 are you getting the Styling problem with the hover popups as well? |
btw I've done the same but still getting the same error. also want to mention that I'm migrating my data from cachet 2.3.15 to 2.4. steps I followed are,
Any advice regarding this would be highly appreciated, anything I'm doing wrong here? |
Does your entrypoint.sh have these set? If so, just take out the
|
Also having this issue. |
@lunarthegrey I have tried as you suggested but removing the default APC driver and domain has had no effect. I've set them both to |
I'm also having this issue when running in docker. This also occurs with a completely fresh install. Changing session driver does not help. APP_DEBUG=false will remove the debug screen, but the issue still occurs when trying to log in to the dashboard. |
After pulling hairs for some hours, I finally got around the dreaded "CSRF token validation failed" exception. Apparently somehow someone got the idea to set SESSION_DOMAIN to "apc" or whatever the session driver (not domain) should be if it didn't get supplied by the configuration. The CSRF token is stored in the session. In the next request, the CSRF token will normally be verified by comparing it to the token stored in the session. However, because the session cookie doesn't get sent with the next request (because there is none registered in the browser), the CSRF token is just regenerated and obviously won't be equal to the one that's sent in that request. This is what's causing the token validation to fail. TL;DR: fix SESSION_DOMAIN and you're probably done. |
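The failure mode described in the comment above, as an added example that is not part of the original thread or of Cachet's code: it applies the RFC 6265 domain-match rule a browser uses when deciding whether to keep a session cookie, given the `SESSION_DOMAIN` from a `.env` file and the host in the address bar. The function names, the sample `.env` strings and the `status.example.test` host are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples: the broken value described above and a corrected one.
BROKEN_ENV = "SESSION_DRIVER=file\nSESSION_DOMAIN=apc\n"
FIXED_ENV = "SESSION_DRIVER=file\nSESSION_DOMAIN=null\n"
BROWSER_URL = "http://status.example.test/setup"  # hypothetical address-bar URL

def cookie_domain_matches(request_host, cookie_domain):
    """RFC 6265 section 5.1.3 domain-match (public-suffix checks not modelled)."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)  # an IP address only matches itself
        return False
    except ValueError:
        return host.endswith("." + domain)

def parse_env(text):
    """Parse KEY=VALUE lines of a .env file, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env

def check_session_cookie(env_text, browser_url):
    """Return (ok, reason): will the browser keep and resend the session cookie?"""
    host = urlsplit(browser_url).hostname
    if host is None:
        return False, "no host in URL (scheme missing?)"
    domain = parse_env(env_text).get("SESSION_DOMAIN", "")
    if domain.lower() in ("", "null", "(null)"):
        # Laravel's env() maps "null" to null: no Domain attribute, host-only cookie
        return True, f"host-only cookie, returned to {host}"
    if cookie_domain_matches(host, domain):
        return True, f"Domain={domain} covers {host}"
    return False, (f"browser discards a cookie with Domain={domain} set by {host}: "
                   "every request starts a new session with a new CSRF token")

if __name__ == "__main__":
    for name, env in (("broken", BROKEN_ENV), ("fixed", FIXED_ENV)):
        print(name, check_session_cookie(env, BROWSER_URL))
```
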
Nice work @friek ! Hopefully we can get this merged and this will no longer be an issue. Could you also reference cachethq/Docker#341 in your pull if possible so those people can get notified as well? |
Done 👍 |
I'm still experiencing this issue myself, even when manually overriding SESSION_DOMAIN in my deployment. These are the variable values I am setting:
|
@maddprof your |
Even if I set that to null
Note I am working on this for a helm deployment using minikube on a locally hosted VM. |
What are you putting into your browser address bar when you're trying to access it and getting the CSRF error? |
@djk I can get to the login page > Enter credentials > Submit > Error on login. |
Set |
@djk I realized what you were getting at as soon as I posted that. I'm in now. Thank you for your help, I'll make note of that when we deploy to our production cluster. |
I solved it in local setup, on setup page, I should set the site domain to |
I am totally sure it has to do something with my environment but I could need a little help. I always had Cachet working well on Redhat OpenShift, as they are moving to a new platform I decided to move away to my own FreeBSD server.
As for my environment I have downloaded the source with Git and followed the whole documentation https://docs.cachethq.io/docs/installing-cachet. I use FreeBSD 10, PHP56, NGINX, composer and PDO MySQL extension.
As for this issue I already cleared cache, did a new app:install, config:cache, got my app:key nicely filled in my .env-file, correctly set permissions for my WWW-user:777 (temp) and such sort of things.
I have no caching apps tho. Any idea what this could be? When I browse to https://status.domain.com/setup I see the config page and as soon as I fill in my stuff I get: "CSRF TOKEN VALIDATION FAILED".
```
APP_ENV=production
APP_DEBUG=true
APP_URL=http://status.xxxxxxxxx.nl
APP_KEY=base64:dtZmW2niOo/JUD+1lJDJPbZz/ywuAKUFN7xxxxxxxxx
DB_DRIVER=mysql
DB_HOST=localhost
DB_UNIX_SOCKET=null
DB_DATABASE=xxxxxxxxx
DB_USERNAME=xxxxxxxxx
DB_PASSWORD=xxxxxxxxx
DB_PORT=null
DB_PREFIX=null
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
CACHET_BEACON=true
CACHET_EMOJI=false
CACHET_AUTO_TWITTER=true
```