Repeated Error ID xxxx: CSRF token verification failed!

Hello.
Zammad 3.3.x on CentOS 7 from package. NGINX web server.
I noticed repeated errors in the production log. But I do not see any problems with the helpdesk. Logins from LAN, Internet, Google auth, Office365 auth, LDAP integration, local login - all good.
Please advise, what can be the reason for these repeated errors?
============= production.log fragment ================================

I, [2020-03-10T10:18:44.305659 #60786-47008776398020] INFO -- : Started POST "/api/v1/message_send" for 10.10.10.253 at 2020-03-10 10:18:44 +0200
I, [2020-03-10T10:18:44.313141 #60786-47008776398020] INFO -- : Processing by LongPollingController#message_send as JSON
I, [2020-03-10T10:18:44.313245 #60786-47008776398020] INFO -- : Parameters: {"data"=>{"event"=>"login"}}
I, [2020-03-10T10:18:44.314340 #60786-47008776398020] INFO -- : CSRF token verification failed
E, [2020-03-10T10:18:44.314767 #60786-47008776398020] ERROR -- : Error ID gCjuPEXb: CSRF token verification failed!
E, [2020-03-10T10:18:44.315086 #60786-47008776398020] ERROR -- : Error ID JuLRA7RO: CSRF token verification failed!
I, [2020-03-10T10:18:44.315941 #60786-47008776398020] INFO -- : Completed 401 Unauthorized in 2ms (Views: 0.5ms | ActiveRecord: 0.0ms)
I, [2020-03-10T10:18:45.482548 #60786-70127398960540] INFO -- : Completed 200 OK in 25027ms (Views: 0.3ms | ActiveRecord: 1.3ms)
I, [2020-03-10T10:18:45.541998 #60786-47008779189880] INFO -- : Started POST "/api/v1/message_receive" for 10.10.10.253 at 2020-03-10 10:18:45 +0200
I, [2020-03-10T10:18:45.553055 #60786-47008779189880] INFO -- : Processing by LongPollingController#message_receive as JSON
I, [2020-03-10T10:18:45.553285 #60786-47008779189880] INFO -- : Parameters: {"client_id"=>"7462264792"}
I, [2020-03-10T10:18:49.095058 #60786-70127391531040] INFO -- : Completed 200 OK in 25031ms (Views: 0.2ms | ActiveRecord: 2.0ms)
I, [2020-03-10T10:18:49.148591 #60786-47008776398020] INFO -- : Started POST "/api/v1/message_receive" for 10.10.10.253 at 2020-03-10 10:18:49 +0200
I, [2020-03-10T10:18:49.158944 #60786-47008776398020] INFO -- : Processing by LongPollingController#message_receive as JSON
I, [2020-03-10T10:18:49.159036 #60786-47008776398020] INFO -- : Parameters: {"client_id"=>"8703627373"}
I, [2020-03-10T10:18:55.220892 #60786-70127398960540] INFO -- : Started POST "/api/v1/message_send" for 10.10.10.253 at 2020-03-10 10:18:55 +0200
I, [2020-03-10T10:18:55.232937 #60786-70127398960540] INFO -- : Processing by LongPollingController#message_send as JSON
I, [2020-03-10T10:18:55.233061 #60786-70127398960540] INFO -- : Parameters: {"data"=>{"event"=>"login"}}
I, [2020-03-10T10:18:55.233794 #60786-70127398960540] INFO -- : CSRF token verification failed
E, [2020-03-10T10:18:55.234545 #60786-70127398960540] ERROR -- : Error ID _YCVsPM8: CSRF token verification failed!
E, [2020-03-10T10:18:55.234770 #60786-70127398960540] ERROR -- : Error ID 9UIKMIiu: CSRF token verification failed!
I, [2020-03-10T10:18:55.235085 #60786-70127398960540] INFO -- : Completed 401 Unauthorized in 2ms (Views: 0.1ms | ActiveRecord: 0.0ms)
I, [2020-03-10T10:18:58.608769 #60786-47008826252780] INFO -- : Completed 200 OK in 25031ms (Views: 0.4ms | ActiveRecord: 1.6ms)
I, [2020-03-10T10:18:58.664662 #60786-70127391531040] INFO -- : Started POST "/api/v1/message_receive" for 10.10.10.253 at 2020-03-10 10:18:58 +0200
I, [2020-03-10T10:18:58.671883 #60786-70127391531040] INFO -- : Processing by LongPollingController#message_receive as JSON
I, [2020-03-10T10:18:58.671977 #60786-70127391531040] INFO -- : Parameters: {"client_id"=>"7906539403"}
I, [2020-03-10T10:19:06.282968 #60786-70127398960540] INFO -- : Started POST "/api/v1/message_send" for 10.10.10.253 at 2020-03-10 10:19:06 +0200
I, [2020-03-10T10:19:06.289004 #60786-70127398960540] INFO -- : Processing by LongPollingController#message_send as JSON
I, [2020-03-10T10:19:06.289077 #60786-70127398960540] INFO -- : Parameters: {"data"=>{"event"=>"login"}}
I, [2020-03-10T10:19:06.289477 #60786-70127398960540] INFO -- : CSRF token verification failed
E, [2020-03-10T10:19:06.289591 #60786-70127398960540] ERROR -- : Error ID VOPww2js: CSRF token verification failed!
E, [2020-03-10T10:19:06.289734 #60786-70127398960540] ERROR -- : Error ID 9BgvDGsT: CSRF token verification failed!
I, [2020-03-10T10:19:06.290023 #60786-70127398960540] INFO -- : Completed 401 Unauthorized in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms)

Caching maybe?
Absolute blackbox sorry.

If you don’t have complaining users, maybe a script trying to do things.

Your webserver log might help you fiddle around to find out where it comes from.
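One way to act on that suggestion with the production.log alone, as an added example that is not part of this thread or of Zammad's own code: the fragment above interleaves several threads (the `#pid-threadid` tag), so a plain grep for "CSRF token verification failed" loses the request path and client IP that belong to each failure. The script below groups lines by thread, reconstructs each request from its `Started` line to its `Completed` line, and counts CSRF failures per client IP and endpoint. The sample log is constructed from the posted fragment; the regexes accept both the real Rails `--`/straight-quote form and the curly-quote form the forum rendered.

```python
"""Triage helper for "CSRF token verification failed" entries in a Rails-style
production.log. Added example; not part of Zammad."""

import re
from collections import Counter

# One logger line: 'I, [timestamp #pid-tid]  INFO -- : message'.
# The forum copy renders '--' as an en dash, so both are accepted.
LINE_RE = re.compile(
    r"^(?P<sev>[A-Z]), \[(?P<ts>\S+) #(?P<pid>\d+)-(?P<tid>\d+)\]\s+"
    r"(?P<level>[A-Z]+) (?:--|\u2013) : (?P<msg>.*)$"
)
# Path may be wrapped in straight quotes (real log) or curly quotes (forum copy).
STARTED_RE = re.compile(
    r'^Started (?P<method>[A-Z]+) ["\u201c](?P<path>[^"\u201d]+)["\u201d] for (?P<ip>\S+) at '
)
COMPLETED_RE = re.compile(r"^Completed (?P<status>\d{3}) ")
ERROR_ID_RE = re.compile(r"^Error ID (?P<id>\S+): ")


def parse_requests(log_text):
    """Rebuild per-request records from interleaved lines, keyed by (pid, tid).

    Returns a list of dicts (ts, ip, method, path, status, csrf_failed,
    error_ids) in the order the requests completed. A 'Completed' line whose
    'Started' line lies before the fragment is skipped rather than misattributed.
    """
    open_requests = {}
    finished = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # malformed or unrelated line
        key = (m["pid"], m["tid"])
        msg = m["msg"]
        started = STARTED_RE.match(msg)
        if started:
            open_requests[key] = {
                "ts": m["ts"], "ip": started["ip"], "method": started["method"],
                "path": started["path"], "status": None,
                "csrf_failed": False, "error_ids": [],
            }
            continue
        rec = open_requests.get(key)
        if rec is None:
            continue  # request started before this fragment; nothing to attach to
        if msg.startswith("CSRF token verification failed"):
            rec["csrf_failed"] = True
        err = ERROR_ID_RE.match(msg)
        if err:
            rec["error_ids"].append(err["id"])
        completed = COMPLETED_RE.match(msg)
        if completed:
            rec["status"] = int(completed["status"])
            finished.append(open_requests.pop(key))
    return finished


def summarize_csrf_failures(requests):
    """Count CSRF-failed requests per (client IP, path) so the source stands out."""
    return Counter((r["ip"], r["path"]) for r in requests if r["csrf_failed"])


# Constructed sample, shortened from the fragment posted above (straight quotes, '--').
SAMPLE_LOG = """\
I, [2020-03-10T10:18:44.305659 #60786-47008776398020]  INFO -- : Started POST "/api/v1/message_send" for 10.10.10.253 at 2020-03-10 10:18:44 +0200
I, [2020-03-10T10:18:44.313141 #60786-47008776398020]  INFO -- : Processing by LongPollingController#message_send as JSON
I, [2020-03-10T10:18:44.314340 #60786-47008776398020]  INFO -- : CSRF token verification failed
E, [2020-03-10T10:18:44.314767 #60786-47008776398020] ERROR -- : Error ID gCjuPEXb: CSRF token verification failed!
E, [2020-03-10T10:18:44.315086 #60786-47008776398020] ERROR -- : Error ID JuLRA7RO: CSRF token verification failed!
I, [2020-03-10T10:18:44.315941 #60786-47008776398020]  INFO -- : Completed 401 Unauthorized in 2ms (Views: 0.5ms | ActiveRecord: 0.0ms)
I, [2020-03-10T10:18:45.482548 #60786-70127398960540]  INFO -- : Completed 200 OK in 25027ms (Views: 0.3ms | ActiveRecord: 1.3ms)
I, [2020-03-10T10:18:45.541998 #60786-47008779189880]  INFO -- : Started POST "/api/v1/message_receive" for 10.10.10.253 at 2020-03-10 10:18:45 +0200
I, [2020-03-10T10:18:55.220892 #60786-70127398960540]  INFO -- : Started POST "/api/v1/message_send" for 10.10.10.253 at 2020-03-10 10:18:55 +0200
I, [2020-03-10T10:18:55.233794 #60786-70127398960540]  INFO -- : CSRF token verification failed
E, [2020-03-10T10:18:55.234545 #60786-70127398960540] ERROR -- : Error ID _YCVsPM8: CSRF token verification failed!
I, [2020-03-10T10:18:55.235085 #60786-70127398960540]  INFO -- : Completed 401 Unauthorized in 2ms (Views: 0.1ms | ActiveRecord: 0.0ms)
I, [2020-03-10T10:19:10.095058 #60786-47008779189880]  INFO -- : Completed 200 OK in 25031ms (Views: 0.2ms | ActiveRecord: 2.0ms)
"""

if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("/var/log/zammad/production.log").read() on a real host.
    for (ip, path), n in summarize_csrf_failures(parse_requests(SAMPLE_LOG)).most_common():
        print(f"{n:5d}  {ip:15s}  {path}")
```

On the posted fragment every failure is a `POST /api/v1/message_send` with `{"event"=>"login"}` from 10.10.10.253, which is the long-polling client announcing itself without a valid session token; the per-IP count tells you whether that is one stale browser tab, a proxy that hides many clients behind one address, or a script, and the matching request in the NGINX access log (same timestamp and path) gives you the User-Agent to settle it.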

Is it possible to increase details in production.log? For example, to see which user logins have failed?

No, raising the log output would produce rubbish information that would confuse more than it would help.

If you want to check if accounts are affected by failing logins, you can run the following via shell:
zammad run rails r 'p User.where("login_failed != 0").pluck(:id,:email)'

The above will output the user ID and email address for all logins that have failed at least once.
