Fresh install and migration Zammad 3.6 - CSRF token verification failed!

Infos:

  • Used Zammad version: 3.6.0
  • Used Zammad installation source: yum repo
  • Operating system: CentOS 7.9
  • Browser + version: Edge, Firefox, Chrome

Expected behavior:

  • Access granted when i login with correct login data

Actual behavior:

  • I tried several accounts to login - all accounts give me a “CSRF token verification failed!” error after pushing “Sign in”

Steps to reproduce the behavior:

  • We did a clean install of zammad 3.5? (not sure, it was some weeks ago) on Centos 7.9. After successful migration (from OTRS — Zammad documentation) we tried the login
  • What we tried is modifying the config zammad.conf proxy_set_header X-Forwarded-Proto $scheme to proxy_set_header X-Forwarded-Proto http (we’re using http only for evaluation) - CSRF error
  • We tried to enable SSL with the example config zammad/zammad_ssl.conf at develop · zammad/zammad · GitHub - CSRF error

What have we done wrong? We can’t find the error.

It seems that exactly this User Login: CSRF token verification failed! - #4 by lpignedoli is the same issue.

Are there any news about it?

I resolved this issue by configuring the web server in SSL with a self-signed certificate.