Hi,
on a fresh install of Zammad 3.2.x (source installation on ubuntu 18.04 lts) I get
“CSRF token verification failed!”
on all logins after the initial configuration step (initial setup of an admin user was successful). I can not find any documentation/FAQ with infos on this and the logfile is also not very informative.
Oh, sorry, I thought this is a productive version. The VERSION and CHANGELOG files did not contain infos about the dev status
Browser is latest Firefox, but the same issue appears with Chromium/Chrome, also after refresh and bypassing browser cache.
As this is a empty installation right now, what would be best: re- install a stable version or continue with 3.2 and debug it? If it is ore or less “alpha” I would prefer an older version but if its more “beta” or close to release we can do some debugging on it …
Honestly, I’d prefer a stable instance on your end without any betaing ;D
However, I do run 3.2 instances which are working without any trouble, so if you’re using any specific addons, those might be at fault as well. Also ensure that your migrations are fine ( rake db:migrate ) .
same problem here. Now 3.2 is a stable release:
I did a upgrade from 3.1 CentOS Linux release 7.7.1908 (Core)
LDAP user sync. no special addons
After yum upgrade to zammad 3.2:
Name : zammad
Architektur : x86_64
Version : 3.2.0
Ausgabe : 1575357814.e0ff35cb.centos7
Größe : 655 M
Quelle : installed
I cannot login anymore. No agent and also local zammadadmin user. Same response:
I, [2019-12-03T14:40:06.502395 #25840-47147295467000] INFO – : Scheduler started.
I, [2019-12-03T14:40:06.513684 #25840-47147295467000] INFO – : Cleanup of left over locked delayed jobs 2019-12-03 13:40:06 UTC started.
I, [2019-12-03T14:40:06.518793 #25840-47147295467000] INFO – : Cleanup of left over locked delayed jobs 2019-12-03 13:40:06 UTC finished.
I, [2019-12-03T14:40:06.518834 #25840-47147295467000] INFO – : Cleanup of left over import jobs 2019-12-03 13:40:06 UTC started.
I, [2019-12-03T14:40:06.528833 #25840-47147295467000] INFO – : Cleanup of left over import jobs 2019-12-03 13:40:06 UTC finished.
I, [2019-12-03T14:40:06.528952 #25840-47147295467000] INFO – : Scheduler running…
I, [2019-12-03T14:40:06.548211 #25840-47147349406500] INFO – : execute Channel.fetch (try_count 0)…
I, [2019-12-03T14:40:06.550661 #25840-47147349406500] INFO – : fetching pop3 ( port=995,ssl=true)
I, [2019-12-03T14:40:06.706351 #25843-47443369821680] INFO – : Setting.set(‘models_searchable’, [“Chat::Session”, “User”, “Organization”, “Ticket”, “KnowledgeBase::Answer::Translation”])
I, [2019-12-03T14:40:07.311882 #25838-47295364613620] INFO – : Setting.set(‘models_searchable’, [“Chat::Session”, “User”, “Organization”, “Ticket”, “KnowledgeBase::Answer::Translation”])
I, [2019-12-03T14:40:10.554218 #25840-47147350265320] INFO – : Starting worker thread Delayed::Backend::ActiveRecord::Job
I, [2019-12-03T14:40:11.695242 #25840-47147349406500] INFO – : - no message
I, [2019-12-03T14:40:11.695458 #25840-47147349406500] INFO – : done
I, [2019-12-03T14:40:11.720314 #25840-47147349406500] INFO – : fetching pop3 ( port=995,ssl=true)
I, [2019-12-03T14:40:11.856433 #25840-47147349406500] INFO – : - no message
I, [2019-12-03T14:40:11.856575 #25840-47147349406500] INFO – : done
I, [2019-12-03T14:40:11.879031 #25840-47147349406500] INFO – : ended Channel.fetch took: 5.343160165 seconds.
I, [2019-12-03T14:40:12.132327 #25843-47443387556740] INFO – : Started POST “/api/v1/message_send” for 192.168.1.3 at 2019-12-03 14:40:12 +0100
I, [2019-12-03T14:40:12.163808 #25843-47443387556740] INFO – : Processing by LongPollingController#message_send as JSON
I, [2019-12-03T14:40:12.163884 #25843-47443387556740] INFO – : Parameters: {“data”=>{“event”=>“login”}}
I, [2019-12-03T14:40:12.164378 #25843-47443387556740] INFO – : CSRF token verification failed
Same problem here on debian after update to 3.2.
My Zammad is behind an apache reverse proxy which does ssl handling.
Quickfix: I downgraded back to 3.1
The relevant parts I have in my apache2 zammad.conf:
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /ws ws://localhost:6042/
ProxyPass / http://localhost:3001/
<Proxy localhost:3001>
Require local
</Proxy>
Hello astrastudio
please don’t laugh, because I ask this. But how I can downgrade back to 3.1?
Is it possible to install back to 3.1 with Debian?
I’m also running Zammad on Debian with Apache server and postgreSQL database.
I just cloned the VM and did 2 upgrades and downgrades in a row.
3.2 throws a “CSRF token verification failed” while trying to logon. 3.1 does not. Everything else did not change during the upgrade.
One of my two systems striked me with this error as well.
Both systems are apache based, I added the following two lines to my vHost configuration of Zammad:
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
Followed by a2enmod headers
and systemctl restart apache2
and that did it. Also, I wanted to share with the community the nginx config from the Plesk host (which is used only to forward the hostname/subdomain to the internal/NAT ip)—maybe it’ll be of any help for someone else…