CSRF error when creating new accounts

  • Used Zammad version: 6.2.0-1708586921.9bcc425e.bookworm
  • Used Zammad installation type: package
  • Operating system: Debian 12
  • Browser + version: Brave 1.63.165

Expected behavior:

  • being able to create new accounts without issue

Actual behavior:

  • When logging out of my account, if i try to create a new account or (sometimes) log in to another account, i get the “CSRF token verification failed” error.

Steps to reproduce the behavior:

  • log out of an account
  • try creating another one

Someone in my organization encountered the same error when simply trying to create a new account, on a device where they had never logged in to the website.

I had already changed the HTTP_type and proxy_set_header X-Forwarded-Proto in my nginx config, because at first i simply always had the csrf error, now it’s only in some cases.

I would greatly appreciate any help i can get, even though this is not a particularly important issue it is still annoying and could annoy customers.

Thanks!