CSRF token failed

  • Used Zammad version: 3.3
  • Used Zammad installation source: (source, package, …) source
  • Operating system: Ubuntu
  • Browser + version: Firefox unterschiedliche Versionen

Expected behavior:

Ich möchte mich an meinem lokalem Zammad anmelden.

Actual behavior:

Ich möchte mich an meinem lokalem Zammad anmelden und bekomme die Fehlermeldung: “CSRF token failed”.

Ich habe schon diverse Lösungen probiert. Unter anderem auch User Login - CSRF token verification failed!

hier meine aktuelle Konfiguration:

this is the nginx config for zammad

upstream zammad-railsserver {
server 127.0.0.1:3000;
}

upstream zammad-websocket {
server 127.0.0.1:6042;
}
server {
listen 443;

# replace 'localhost' with your fqdn if you want to use zammad from remote
server_name server;

# security - prevent information disclosure about server version
server_tokens off;

root /opt/zammad/public;

access_log /var/log/nginx/zammad.access.log;
error_log  /var/log/nginx/zammad.error.log;

client_max_body_size 50M;

location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
    expires max;
}

location /ws {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header CLIENT_IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_read_timeout 86400;
    proxy_pass http://zammad-websocket;
}

location / {
    proxy_set_header Host $http_host;
    proxy_set_header CLIENT_IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_read_timeout 300;
    proxy_pass http://zammad-railsserver;

    gzip on;
    gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
    gzip_proxied any;
}

}

Wo kann ich das log einsehen?

Es ging von heute auf morgen nicht mehr.

Additionally here you can see the post from the Log:

I, [2020-04-22T06:42:10.883667 #1029-47301227742720] INFO – : Running job thread for ‘Execute jobs’ (Job.run) status is: sleep
I, [2020-04-22T06:42:26.663880 #1015-46952768929600] INFO – : Started POST “/api/v1/signin” for IP at 2020-04-22 06:42:26 +0000
I, [2020-04-22T06:42:26.667031 #1015-46952768929600] INFO – : Processing by SessionsController#create as JSON
I, [2020-04-22T06:42:26.667091 #1015-46952768929600] INFO – : Parameters: {“username”=>“User”, “password”=>"[FILTERED]", “fingerprint”=>"-1682479629"}
I, [2020-04-22T06:42:26.670326 #1015-46952768929600] INFO – : CSRF token verification failed
I, [2020-04-22T06:42:26.670770 #1015-46952768929600] INFO – : Completed 401 Unauthorized in 4ms (Views: 0.1ms | ActiveRecord: 1.1ms)
I, [2020-04-22T06:42:27.064466 #1029-47301309716420] INFO – : execute Channel.fetch (try_count 0)…

Please note that this is a english speaking board.
Also, your issue can be solved by readon the following post (see point 2):
https://community.zammad.org/t/zammad-3-2-is-available/3656/2

This has been discussed a lot on this community.

Hi.

Sorry for writing in german.
I notized it but wasn‘t able to change it.

I figured the Problem by my own.

Your solution didn‘t work for me.

My problem was LDAP authentication was Not set to ssl.

Thank you for your reply.

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.