CSRF token verification failed, nginx

Info’s:

  • Used Zammad version: 3.2
  • Used Zammad installation source: (source, package, …)- sudo apt-get install zammad
  • Operating system: Ubuntu 18
  • Browser + version: chrome

Expected behaviour:

  • I installed the latest version of Zammad 3.2 with an NGINX proxy successfully and used the existing postgres database used by Zammad 2.8 at a different hosting IP by configuring the /zammad/config/database.yml file. I can successfully open Zammad at http://localhost, but when I try to log in I am not able to; instead it says CSRF token verification failed.

Actual behavior:

  • I installed the latest version of Zammad 3.2 and used the existing postgres database used by Zammad 2.8 at a different hosting IP. I used NGINX as a reverse proxy, but when I try to log in on my localhost server it shows the error CSRF token verification failed.
    I tried different suggested solutions, like changing “$scheme” to “$https” in “location /” and “location ws/”, but that did not work for me.

My NGINX configuration

 location /ws {

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header CLIENT_IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_read_timeout 86400;
    proxy_pass http://zammad-websocket;
}


  location / {
    proxy_set_header Host $http_host;
    proxy_set_header CLIENT_IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_read_timeout 300;
    proxy_pass http://zammad-railsserver;

    gzip on;
    gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
    gzip_proxied any;
}

Steps to reproduce the behavior:

  • Install Zammad 3.2 on Ubuntu 18 localhost using an nginx proxy and try to log in; you will get this issue.

Please provide the complete nginx configuration of that vhost file, because the provided is incomplete.

You’re telling Zammad that your connection is an HTTPS one; however, you’re actually using HTTP.
That’s the issue here: correct https to http and it should be fine.

Hey @MrGeneration, thanks for the reply, but converting https to http is also not working.

Here is my complete nginx configuration

# this is the nginx config for zammad

upstream zammad-railsserver {
    server 127.0.0.1:3000;
}

upstream zammad-websocket {
    server 127.0.0.1:6042;
}

server {
    listen 80;

    # replace 'localhost' with your domain if you want to use zammad from remote
    server_name localhost;

    root /opt/zammad/public;

    access_log /var/log/nginx/zammad.access.log;
    error_log /var/log/nginx/zammad.error.log;

    client_max_body_size 50M;

    location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
        expires max;
    }

    location /ws {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
        proxy_read_timeout 86400;
        proxy_pass http://zammad-websocket;
    }

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
        proxy_read_timeout 300;
        proxy_pass http://zammad-railsserver;

        gzip on;
        gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
        gzip_proxied any;
    }
}

downgrading version to 3.1

If I downgrade the Zammad version to 3.1 then it works perfectly fine, but in that case Elasticsearch 7.5 is not working.
If there is any problem with 3.2, can you tell me the right version of Zammad 3.1 and its latest supported Elasticsearch version and Ruby version?
Any help will be greatly appreciated.

Currently can’t the nginx issue. Still it’s weird because I’m using http on test environments without issues.
You may want to ensure that within system you didn’t choose “https” as http type by accident, because this will cause Zammad to suspect https connections (and cookies) which could cause your issue as well.

For the elasticsearch question, your answer can be found on this post at the bottom :muscle:

Hi, thank you for this solution, but how can I set this setting by console? I am not able to login to website…

zammad run rake r "Setting.set('http_type', 'http(s)') ?

Hello

I have the same issue and have also already tried to change the NGINX configuration. But it still doesn’t work.

I also made the mistake of choosing https instead of http in Zammad, as shown on the screenshot before.

I tried to run
zammad run rake r "Setting.set('http_type', 'http(s)')"
but I get the response “command r unknown”

Can anyone help me?
I’m also running Ubuntu 18.04 and Zammad 3.2, freshly installed

Thank you very much

So as I wrote before, I wasn’t able to run

zammad run rake r "Setting.set('http_type', 'http(s)')"

I always received the answer command r unknown

I then went directly to the Rails console with
zammad run rails c

checked the setting with

Setting.get('http_type')

and received https as the answer.

I then changed it to http(s) with
Setting.set('http_type', 'http(s)')

I left the console and restarted Zammad and nginx, but it still didn’t work.
So I tried the same again, but this time changed it to http in the console with
Setting.set('http_type', 'http')

restarted Zammad and nginx again, and finally it works again :laughing:

Thank you, and sorry for my bad English.


http(s) was my indicator of either choose http or https - sorry for the confusion.
Glad it’s working now.
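
The thread comes down to three values that have to agree: the scheme nginx actually serves, the `X-Forwarded-Proto` value it passes on, and Zammad's `http_type` setting. The following is an added example, not code from the thread or from Zammad: a hypothetical `audit_vhost` helper run over a constructed vhost, assuming nginx is the hop the browser connects to directly (no TLS terminator in front of it).

```ruby
# Added example, not from the thread. SAMPLE_VHOST is a constructed config
# modelled on the first one posted (plain listener, hard-coded https header).
SAMPLE_VHOST = <<~'CONF'
  upstream zammad-railsserver { server 127.0.0.1:3000; }
  server {
    listen 80;
    server_name localhost;
    location /ws {
      proxy_set_header X-Forwarded-Proto https;
      proxy_pass http://zammad-websocket;
    }
    location / {
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_pass http://zammad-railsserver;
    }
  }
CONF

# Hypothetical helper: returns an array of findings, empty when the listener,
# the forwarded scheme and Zammad's http_type setting all agree.
def audit_vhost(conf, http_type)
  findings = []
  valid = %w[http https].include?(http_type)
  findings << "http_type #{http_type.inspect} is invalid; use http or https" unless valid
  # Strip comments, then cut the file at each line that opens a "server {" block.
  blocks = conf.gsub(/#.*$/, '').split(/^\s*server\s*\{/).drop(1)
  blocks.each_with_index do |block, i|
    listens = block.scan(/\blisten\s+([^;]+);/).flatten
    served = listens.map { |l| l.split.include?('ssl') ? 'https' : 'http' }.uniq
    served = ['http'] if served.empty? # no listen directive: nginx serves plain HTTP
    block.scan(/proxy_set_header\s+X-Forwarded-Proto\s+([^;\s]+)\s*;/i).flatten.each do |proto|
      next if proto.start_with?('$') # variables such as $scheme resolve per request
      next if served.include?(proto)
      findings << "server #{i + 1}: X-Forwarded-Proto #{proto}, listener serves #{served.join('/')}"
    end
    if valid && !served.include?(http_type)
      findings << "server #{i + 1}: http_type #{http_type}, listener serves #{served.join('/')}"
    end
  end
  findings
end

puts audit_vhost(SAMPLE_VHOST, 'https') if __FILE__ == $PROGRAM_NAME
```

Pass the value returned by `Setting.get('http_type')` in the Rails console as the second argument; the literal `http(s)` is reported as invalid rather than compared.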
