New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF error #395
Comments
Specifically, it says the CSRF token is missing. |
Hmmm... now I can't access the admin interface, because when I try to re-authenticate, I get the same error.
|
I bounced the service, and now I can log back in. I'll check with my user. |
Now after logging out, I can't log back in due to CSRF shenanigans. Something crazy is going on here. This time, though, I get this:
BTW, I'm on revision 46b585c. |
Sorry for my late response. Any idea what caused this error? |
Nope. I had to disable CSRF completely. |
did you inspect the page and see if the token is actually there? Not that it would change anything.. but probably worth a shot - you could try to replace the |
SECRET_KEY is set, yes. I'll tinker with it some more on a dev board. |
@haliphax does this also appear when running the dev server? |
I tried setting up a new flaskbb instance (gunicorn & nginx) but what I ever I do I can't get this error.. |
I've got this error too,does any solution could help me? |
What did you do to get this error @nanata1115? |
thank u for your reply . I've solve this problem by change the “SERVER_NAME ” from ’IP:PORT‘ to ’ domain name:port‘. But, I still got the problem of “EncodeError: Object of type User is not JSON serializable” when I regist a new user. By the way ,Firefox worked fine with ’IP:PORT‘! @sh4nks |
I think you only have to specify the Lets say, you have flaskbb running via gunicorn on 127.0.0.1:10001 and expose flaskbb via nginx on port 8080 than you would have to set I'll look into that EncodeError but I thought I have fixed it a couple of weeks ago. Are you using the latest commit? edit: I can't reproduce this error on 'test.flaskbb.org' which is using the latest master. |
I am so sorry, it's my fault, My source code was a little older than the latest one. I've already update it. But all the language support is missing when I restart the app. It confuses me. And your understanding is almost right, except I have not use nginx, @sh4nks |
@nanata1115 please open a separate issue for this. @haliphax I can finally reproduce this error on my testing instance at https://test.flaskbb.org. The exception is raised on this line: https://github.com/lepture/flask-wtf/blob/master/flask_wtf/csrf.py#L94
|
Did some more digging and found out that after deleting the session cookie a few times it won't get regenerated anymore - not even when switching to a different browser. |
This feature caused more troubles than it fixed. Quite sure that #395 is related to this command.
This bug is caused by the in-built command ( gunicorn -w 4 wsgi:flaskbb -b 127.0.0.1:30000 --log-file logs/gunicorn.log --pid gunicorn.pid --reload -D I have removed the whole |
I'm running gunicorn in a similar fashion now, and I haven't seen the error return so far. |
I'm sorry, the error do not happens if I use https instead http. |
One (and only one) of my users says that he is receiving a CSRF error every time he tries to login. He has tried multiple browsers, private windows, clearing cache, flushing DNS, using wifi vs. LTE, and using different devices.
The text was updated successfully, but these errors were encountered: