Invalid CSRF on dev install

  • I wanted to create a DEV instance of sudonix, so went ahead and registered sudonix.dev, installed NodeBB, then recovered the database.

    All good - apart from the fact that I consistently got the dreaded csrf invalid message… 😠

    Here’s the log extract

    2022-03-21T14:15:25.859Z [4571/91294] - info: Initializing NodeBB v1.19.5 https://sudonix.dev
    2022-03-21T14:15:27.761Z [4571/91294] - info: [socket.io] Restricting access to origin: https://sudonix.dev:*
    2022-03-21T14:15:27.858Z [4571/91294] - warn: [plugins] "@nodebb/nodebb-plugin-user-level" is active but not installed.
    (node:91294) Warning: Accessing non-existent property 'padLevels' of module exports inside circular dependency
    (Use `node --trace-warnings ...` to show where the warning was created)
    2022-03-21T14:15:28.637Z [4571/91294] - warn: [plugins/load] DEPRECATION The hook filter:router.page has been deprecated as of v1.15.3, and slated for removal in v2.1.0. Please use response:router.page instead. The following plugins are still listening for this hook:
      * nodebb-plugin-write-api
    2022-03-21T14:15:28.724Z [4571/91294] - info: [plugins/spam-be-gone] Settings loaded
    2022-03-21T14:15:28.734Z [4571/91294] - info: [reputation-rules] settings loaded
    2022-03-21T14:15:28.925Z [4571/91294] - info: [api] Adding 4 route(s) to `api/v3/plugins`
    2022-03-21T14:15:28.936Z [4571/91294] - info: [router] Routes added
    2022-03-21T14:15:28.947Z [4571/91294] - info: NodeBB Ready
    2022-03-21T14:15:28.948Z [4571/91294] - info: Enabling 'trust proxy'
    2022-03-21T14:15:28.950Z [4571/91294] - info: NodeBB is now listening on: 0.0.0.0:4571
    2022-03-21T14:15:47.488Z [4571/91294] - error: [plugin/iframely] Could not parse embed: Failed to lookup view "partials/iframely-widget-card" in views directory "/home/sudonix.dev/nodebb/build/public/templates". Url: https://sudonix.com/topic/233/nodebb-welcome-message-with-logo-footer-change/3?_=1645445273209
    Missing translation "2factor:title" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:topic_unsolved" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:topic_solved" for language "en-GB"
    Missing translation "qanda:menu.solved" for language "en-GB"
    Missing translation "qanda:menu.solved" for language "en-GB"
    2022-03-21T14:15:48.899Z [4571/91294] - error: POST /logout
    invalid csrf token
    

    Tried clearing cache, no dice. Tried incognito mode, no dice.

    After some significant head scratching, it suddenly dawned on me that the cookie domain would need to be reset as this is a PROD database replica in a new domain.

    To do this:

    1. Open the MongoDB console
    2. Select your database - in my case use sudonixdev;
    3. Issue this command db.objects.update({_key: "config"}, {$set: {cookieDomain: ""}});
    4. Restart nodebb

    Problem solved - able to login 🙂

  • This post helped me in August.

    Now that I have migrated the server, this topic appears again, and the command no longer works.

    Do you know what causes this problem? How to avoid it?

  • @小城风雨多 The command should still work. What is the output?

  • @phenomlab

    Environment

    mongoDB version: 6.0.11
    nodebb version: 3.4.3

    Description

    Fresh install of the NodeBB application and the whole server machine; used a mongodump backup and restored the MongoDB data.
    Then I got this.

    Detail

    Server NodeBB log when I tried to log in and register:

    2023-11-03T08:55:23.895Z [4567/5442] - error: POST /login
    invalid csrf token
    2023-11-03T08:55:44.204Z [4567/5442] - error: POST /register
    invalid csrf token
    

    Executed the mongo command, which then printed:

    nodebb> db.objects.update({_key: "config"}, {$set: {cookieDomain: ""}});
    DeprecationWarning: Collection.update() is deprecated. Use updateOne, updateMany, or bulkWrite.
    {
      acknowledged: true,
      insertedId: null,
      matchedCount: 1,
      modifiedCount: 0,
      upsertedCount: 0
    }
    
    nodebb> db.objects.updateOne({ _key: "config" }, { $set: { cookieDomain: "" } })
    {
      acknowledged: true,
      insertedId: null,
      matchedCount: 1,
      modifiedCount: 0,
      upsertedCount: 0
    }
    

    Matched 1 result, but modified 0.

    PS

    I’m sorry I didn’t post the detailed information before, and I’m very grateful for your timely reply to my message.
    Now I have bound the email address for my account, and the follow-up news should be notified in time.

  • @小城风雨多

    Occasionally I tried to change the url in config.json from https to http.
    It works!

    Amazing!

    Thanks a lot!
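
The two fixes reported so far (clearing cookieDomain, and switching the url in config.json from https to http) both come down to whether the browser keeps the session cookie that the CSRF token is tied to. The sketch below is an added example, not part of the thread and not NodeBB code; the function names, the sample cookieDomain value and the forum.example host are assumptions made for illustration, as is the rule that the Secure flag follows the scheme of the configured url.

```javascript
// Added illustration, not NodeBB source. Models two browser rules for Set-Cookie.
// RFC 6265 domain-match: the host equals the Domain attribute or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// Would a browser keep a session cookie set by a response from pageUrl?
function cookieVerdict(pageUrl, { cookieDomain, secure }) {
  const { protocol, hostname } = new URL(pageUrl);
  if (cookieDomain && !domainMatch(hostname, cookieDomain)) {
    return 'rejected: Domain does not match host';
  }
  if (secure && protocol !== 'https:') return 'rejected: Secure cookie over plain HTTP';
  return 'stored';
}

// Session-bound CSRF check: the token lives in the server-side session, so a
// POST that arrives without the session cookie is compared against a new token.
function simulatePost(pageUrl, configUrl, cookieDomain) {
  const sessions = new Map();
  let n = 0; // counter stands in for random ids/tokens; a real server uses a CSPRNG
  const newSession = () => {
    const sid = `sid-${++n}`;
    sessions.set(sid, { csrf: `token-${n}` });
    return sid;
  };
  // Assumption: the Secure flag follows the scheme of the configured url.
  const cookie = { cookieDomain, secure: configUrl.startsWith('https://') };
  const sid = newSession();                  // GET: session created, Set-Cookie sent
  const formToken = sessions.get(sid).csrf;  // token embedded in the served page
  const verdict = cookieVerdict(pageUrl, cookie);
  const jar = verdict === 'stored' ? sid : null;
  const postSid = jar ?? newSession();       // POST: no cookie means a fresh session
  const result = sessions.get(postSid).csrf === formToken ? 'ok' : 'invalid csrf token';
  return { verdict, result };
}

// Constructed scenarios: "sudonix.com" as the restored cookieDomain and
// "forum.example" as the second site's host are sample values.
const scenarios = [
  ['https://sudonix.dev/login', 'https://sudonix.dev', 'sudonix.com'],
  ['https://sudonix.dev/login', 'https://sudonix.dev', ''],
  ['http://forum.example/login', 'https://forum.example', ''],
  ['http://forum.example/login', 'http://forum.example', ''],
];
for (const s of scenarios) console.log(s.join(' | '), '=>', simulatePost(...s));
```

In the second report above, matchedCount: 1 with modifiedCount: 0 is what MongoDB returns when the matched document already holds the value being set, which is consistent with cookieDomain already being empty and the Secure rule being the one left to check.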

  • @小城风雨多 Looking at the above, it seems you are missing the command to use nodebb for example. Otherwise, you are running the command against the admin database 🙂 Made that mistake myself before…

  • I have the same problem :

    DeprecationWarning: Collection.update() is deprecated. Use updateOne, updateMany, or bulkWrite.
    

    https://sudonix.org/assets/uploads/files/1731797498337-c502c3bd-edb9-4cbb-9dd1-f08149017d8d-image.png

  • @DownPW Did you try the response from @小城风雨多 ?

  • Yep

    f2f8ea07-61e5-4a0b-90ea-af2ca8c63759-image.png

  • @DownPW which version of MongoDB are you using?

