- Used Zammad version: 6.3.1
- Used Zammad installation type: (source, package, docker-compose, …)
- Operating system: Ubuntu 22.04.4 LTS
- Browser + version: Version 126.0.6478.61 (Official Build) (64-bit)
Expected behavior:
- There should be no “CSRF token verification failed” error.
We cannot send email by “Trigger”; we found that the logs show “CSRF token verification failed” on POST /api/v1/message_send.
Actual behavior:
Steps to reproduce the behavior:
We have set nginx with proxy_set_header X-Forwarded-Proto https;
but in the logs we can still see “CSRF token verification failed”:
```
I, [2024-06-16T09:19:11.149723#19951-149420]  INFO -- : Started POST "/api/v1/message_send" for xxx.xxx.xxx.xx at 2024-06-16 09:19:11 +0800
I, [2024-06-16T09:19:11.154376#19951-149420]  INFO -- : Processing by LongPollingController#message_send as JSON
I, [2024-06-16T09:19:11.154454#19951-149420]  INFO -- :   Parameters: {"data"=>{"event"=>"login"}}
I, [2024-06-16T09:19:11.158510#19951-149420]  INFO -- : CSRF token verification failed
I, [2024-06-16T09:19:11.158659#19951-149420]  INFO -- : CSRF token verification failed! (Exceptions::NotAuthorized)
app/controllers/application_controller/prevents_csrf.rb:36:in `verify_csrf_token'
app/controllers/application_controller/has_download.rb:17:in `block (4 levels) in <module:HasDownload>'
app/controllers/application_controller/has_download.rb:16:in `block (3 levels) in <module:HasDownload>'
app/controllers/application_controller/has_download.rb:15:in `block (2 levels) in <module:HasDownload>'
app/controllers/application_controller/handles_transitions.rb:16:in `handle_transaction'
I, [2024-06-16T09:19:11.159689#19951-149420]  INFO -- : Completed 401 Unauthorized in 5ms (Views: 0.1ms | ActiveRecord: 0.7ms | Allocations: 2136)
```