CSRF token verification failed after login again

  • Used Zammad version: 5.5.0-alpha-64
  • Used Zammad installation type: docker-compose
  • Operating system: Ubuntu 20.04
  • Browser + version: Chrome 111.0.5563.66

Expected behavior:

  • Able to login again

Actual behavior:

  • Initial login works after creating an admin user, but runs into the above-mentioned error after logout and login again

Steps to reproduce the behavior:

    1. Set up a fresh Zammad instance via docker-compose
    2. Create an admin user
    3. Log out
    4. Log in again

I am running Zammad behind a Traefik reverse proxy, which works with other applications without issues, also using Let's Encrypt to create SSL certs.

My docker-compose.yaml:

version: '3.7'
networks:
  zammad:
    name: zammad
services:
  zammad:
    image: zammad/zammad:5.5.0-alpha-64
    restart: always
    ports:
      - "5080:80"
      - "5443:443"
      - "5222:22"
    volumes:
      - ./data:/opt/zammad/data
      - ./ssl:/opt/zammad/ssl
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.zammad.rule=Host(`xxx`)"
      - "traefik.http.routers.zammad.tls.certresolver=letsencrypt"
      - "traefik.http.routers.zammad.entrypoints=websecure"
      - "traefik.http.routers.zammad.service=zammad"
      - "traefik.http.services.zammad.loadbalancer.server.port=80"
    environment:
      ELASTICSEARCH_URL: http://elasticsearch:9200
      RAILS_ENV: production
      RAILS_HOST: xxx

      RAILS_TRUSTED_PROXIES: "['127.0.0.1', '::1', 'traefik']"
      NGINX_SERVER_SCHEME: https
      SMTP_HOST: xxx
      SMTP_PORT: 25
      SMTP_DOMAIN: xxxx
      SMTP_FROM: xxx
    depends_on:
      - postgresql
      - elasticsearch
    networks:
      - zammad
  postgresql:
    image: postgres:15.2-alpine
    restart: always
    environment:
      POSTGRES_USER:  xxx
      POSTGRES_PASSWORD: xxx
      POSTGRES_DB: xxx
    volumes:
      - ./postgresql:/var/lib/postgresql/data
    networks:
      - zammad
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.6.2
    environment:
      - "discovery.type=single-node"
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - ingest.geoip.downloader.enabled=false
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./elasticsearch:/usr/share/elasticsearch/data
    networks:
      - zammad

I have also applied fixes as mentioned here without success: CSRF token verification failed · Issue #2829 · zammad/zammad · GitHub

By adding:

environment:
- RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1', 'traefik']
- NGINX_SERVER_SCHEME=https

No one has this kind of Issue?

And you changed exactly nothing after using the getting started wizard?
If you’ve changed configuration especially of the container scopes etc afterwards then that’s your issue.

Most likely the HTTP_Type of your Zammad instance is HTTP and not HTTPS, as it should be in your scenario.

That issue is mentioned here:
https://docs.zammad.org/en/latest/install/docker-compose/environment.html#nginx

and here:
Query and set / update Zammad settings — Zammad documentation (railsserver context), as you can no longer log in.

@MrGeneration it is exactly as you described. I solved this issue days ago with the information you provided.

You can close that Issue and thanks for the Reply
