DNS is hosted on Cloudflare; traffic is not proxied; SSL/TLS encryption mode is Full (strict) ("Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server"); Always Use HTTPS is off
After the initial config login, users cannot log in at any time
The following error is displayed: “CSRF token verification failed!”
Steps to reproduce the behavior:
Attempt to log in with valid user credentials
Apache config
#
# this is the apache config for zammad
#
<VirtualHost *:80>
    # replace 'localhost' with your fqdn if you want to use zammad from remote
    ServerName help.macantacrm.com

    # https://community.zammad.org/t/fresh-install-3-2-x-csrf-token-verification-failed/3080/14
    RequestHeader set X_FORWARDED_PROTO 'https'
    RequestHeader set X-Forwarded-Ssl on

    ## don't lose time with IP address lookups
    HostnameLookups Off

    ## needed for named virtual hosts
    UseCanonicalName Off

    ## configures the footer on server-generated documents
    ServerSignature Off

    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy 127.0.0.1:3000>
        Require local
    </Proxy>

    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /robots.txt !
    ProxyPass /ws ws://127.0.0.1:6042/
    ProxyPass / http://127.0.0.1:3000/

    DocumentRoot "/opt/zammad/public"

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory "/opt/zammad/public">
        Options FollowSymLinks
        Require all granted
    </Directory>

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =help.macantacrm.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Log file
I, [2020-02-05T06:10:31.072126 #1095-46924083354600] INFO -- : Started POST "/api/v1/signin" for [REDACTED] at 2020-02-05 06:10:31 +0000
I, [2020-02-05T06:10:31.099946 #1095-46924083354600] INFO -- : Processing by SessionsController#create as JSON
I, [2020-02-05T06:10:31.100161 #1095-46924083354600] INFO -- : Parameters: {"username"=>"peter@macanta.org", "password"=>"[FILTERED]", "fingerprint"=>"-904905283"}
I, [2020-02-05T06:10:31.101982 #1095-46924083354600] INFO -- : CSRF token verification failed
I, [2020-02-05T06:10:31.103778 #1095-46924083354600] INFO -- : Completed 401 Unauthorized in 3ms (Views: 0.7ms | ActiveRecord: 0.0ms)
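To see which requests are affected, log lines in the format above can be correlated per request. This is an added example, not part of the original post or of Zammad: it assumes the `#1095-…` tag identifies the worker handling a request and that every request ends with a `Completed` line; `csrf_failures` is a name chosen here.

```python
import re

# Sample input: lines copied from the log in the post (the Parameters line is left out).
SAMPLE_LOG = """\
I, [2020-02-05T06:10:31.072126 #1095-46924083354600] INFO -- : Started POST "/api/v1/signin" for [REDACTED] at 2020-02-05 06:10:31 +0000
I, [2020-02-05T06:10:31.099946 #1095-46924083354600] INFO -- : Processing by SessionsController#create as JSON
I, [2020-02-05T06:10:31.101982 #1095-46924083354600] INFO -- : CSRF token verification failed
I, [2020-02-05T06:10:31.103778 #1095-46924083354600] INFO -- : Completed 401 Unauthorized in 3ms (Views: 0.7ms | ActiveRecord: 0.0ms)
"""

# Logger prefix: severity letter, timestamp, worker tag, level, then the message.
LINE_RE = re.compile(r'^\w, \[(?P<ts>\S+) #(?P<worker>[\d-]+)\]\s+(?P<level>\w+) -- : (?P<msg>.*)$')
STARTED_RE = re.compile(r'^Started (?P<method>[A-Z]+) "(?P<path>[^"]*)" for (?P<client>\S+)')
COMPLETED_RE = re.compile(r'^Completed (?P<status>\d{3}) ')


def csrf_failures(log_text):
    """Return one dict per request whose log lines include a CSRF verification failure."""
    open_requests = {}  # worker tag -> request currently being assembled
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a logger line (blank line, stack trace, ...)
        worker, msg = m["worker"], m["msg"]
        started = STARTED_RE.match(msg)
        if started:
            # A new request begins on this worker; remember when and what it was.
            open_requests[worker] = {"time": m["ts"], "csrf_failed": False,
                                     **started.groupdict()}
            continue
        req = open_requests.get(worker)
        if req is None:
            continue  # message outside any request seen so far
        if "CSRF token verification failed" in msg:
            req["csrf_failed"] = True
        completed = COMPLETED_RE.match(msg)
        if completed:
            # Request finished: keep it only if the CSRF check failed along the way.
            req["status"] = int(completed["status"])
            if req.pop("csrf_failed"):
                failures.append(req)
            del open_requests[worker]
    return failures
```
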