Infos:
- Used Zammad version: 3.6.0 (3.6.0-1609411394.587a3197.focal)
- Used Zammad installation source: DEB
- Operating system: Ubuntu 20.04.1 LTS
- Browser + version: Edge 88.0.705.29, Chrome: 87.0.4280.88
- Traffic is not proxied; no SSL/TLS encryption mode; Use HTTP
- Migrate from OTRS 5.x — Zammad documentation
Expected behavior:
- Users can log on at any time.
Actual behavior:
- The following error is displayed: “CSRF token verification failed!”
Steps to reproduce the behavior:
- Clean installation of Zammad and import data from OTRS
Apache config
#
# this is the apache config for zammad
#
<VirtualHost *:80>
ServerName 192.168.6.9
# security - prevent information disclosure about server version
#ServerTokens Prod
## don't loose time with IP address lookups
HostnameLookups Off
## needed for named virtual hosts
UseCanonicalName Off
## configures the footer on server-generated documents
ServerSignature Off
ProxyRequests Off
ProxyPreserveHost On
<Proxy 127.0.0.1:3000>
Require local
</Proxy>
ProxyPass /assets !
ProxyPass /favicon.ico !
ProxyPass /apple-touch-icon.png !
ProxyPass /robots.txt !
ProxyPass /ws ws://127.0.0.1:6042/
ProxyPass / http://127.0.0.1:3000/
#RequestHeader set X_FORWARDED_PROTO 'http'
#RequestHeader set X-Forwarded-Ssl off
# change this line in an SSO setup
#RequestHeader unset X-Forwarded-User
DocumentRoot "/opt/zammad/public"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/opt/zammad/public">
Options FollowSymLinks
Require all granted
</Directory>
</VirtualHost>
Log File
I, [2020-12-31T14:55:14.868882 #3386-47290452778680] INFO -- : CSRF token verification failed
I, [2020-12-31T14:55:14.869111 #3386-47290452778680] INFO -- : CSRF token verification failed! (Exceptions::NotAuthorized)
/opt/zammad/app/controllers/application_controller/prevents_csrf.rb:35:in `verify_csrf_token'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:426:in `block in make_lambda'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:179:in `block (2 levels) in halting_and_conditional'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:180:in `block in halting_and_conditional'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:513:in `block in invoke_before'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:513:in `each'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:513:in `invoke_before'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:107:in `block in run_callbacks'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:136:in `run_callbacks'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/abstract_controller/callbacks.rb:41:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_controller/metal/rescue.rb:22:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/notifications.rb:168:in `block in instrument'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/notifications/instrumenter.rb:23:in `instrument'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/notifications.rb:168:in `instrument'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_controller/metal/instrumentation.rb:32:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.4.4/lib/active_record/railties/controller_runtime.rb:24:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/abstract_controller/base.rb:134:in `process'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionview-5.2.4.4/lib/action_view/rendering.rb:32:in `process'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_controller/metal.rb:191:in `dispatch'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_controller/metal.rb:252:in `dispatch'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/routing/route_set.rb:34:in `serve'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/journey/router.rb:52:in `block in serve'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/journey/router.rb:35:in `each'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/journey/router.rb:35:in `serve'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/routing/route_set.rb:840:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:420:in `call_app!'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/omniauth-saml-1.10.1/lib/omniauth/strategies/saml.rb:89:in `other_phase'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/builder.rb:45:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/tempfile_reaper.rb:15:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/etag.rb:27:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/conditional_get.rb:40:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:266:in `context'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:260:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/cookies.rb:670:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:98:in `run_callbacks'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.4/lib/rails/rack/logger.rb:38:in `call_app'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.4/lib/rails/rack/logger.rb:26:in `block in call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/tagged_logging.rb:71:in `block in tagged'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/tagged_logging.rb:28:in `tagged'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/tagged_logging.rb:71:in `tagged'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.4/lib/rails/rack/logger.rb:26:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/request_id.rb:27:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/method_override.rb:24:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/runtime.rb:22:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/executor.rb:14:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/static.rb:127:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/sendfile.rb:110:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.4/lib/rails/engine.rb:524:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/configuration.rb:227:in `call'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/server.rb:706:in `handle_request'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/server.rb:476:in `process_client'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/server.rb:334:in `block in run'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/thread_pool.rb:135:in `block in spawn_thread'
/opt/zammad/vendor/bundle/ruby/2.6.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
I, [2020-12-31T14:55:14.870628 #3386-47290452778680] INFO -- : Completed 401 Unauthorized in 10ms (Views: 0.4ms | ActiveRecord: 4.2ms)
I, [2020-12-31T14:55:20.038213 #3406-46925171956640] INFO -- : execute Channel.fetch (try_count 0)...
I, [2020-12-31T14:55:20.041082 #3406-46925171956640] INFO -- : ended Channel.fetch took: 0.038775662 seconds.
Note
Before trying to import OTRS data I tried to use a clean installation without data to check the system without problems. After I restarting from scratch and import the OTRS data, but when I try to login I get CSRF token verification failed! message.