"The CSRF token is invalid. Please sign in and try again." Diaspora sign in

stevesullam 2020-06-24 12:37:34 UTC #1

Keywords: LAPP/MAPP/WAPP - Virtual Machines - Technical issue - Permissions
bnsupport ID: 20200624-122941-23437
Description:
I am using the bitnami diaspora virtual machine configured as a name based reverse proxy behind my main web server and it won't let you sign in with most web browsers. On the diaspora forums it instructs to disable headers which I have tried with no luck so far under here /opt/bitnami/apache2/conf/httpd.conf

gongomgra 2020-06-25 08:45:59 UTC #2

Hi @stevesullam,

Thanks for using Bitnami. Can you give us more information about your issue? Which headers are you trying to disable? Can you also follow the next guide about how to run the bnsupport tool? The code you added is not a valid descriptor.

How to Run the Bitnami Support Tool in a cloud image or virtual machine

Please note that you need to paste the code ID that is shown at the end.

stevesullam 2020-06-26 06:28:53 UTC #3

Google Drive link removed by the Bitnami team after saving the information. [EDITED]

gongomgra 2020-06-26 08:54:19 UTC #4

Hi @stevesullam,

I can't download the file you shared. Can you check it and send me a private message with the download link? I sent you a private message so you only need to reply there

stevesullam 2020-06-26 12:50:52 UTC #6

Sorry if this seems like a stupid question, but so far I have not found a way on here to send you the link privately. Could you please instruct me on this step. regards, S

stevesullam 2020-06-26 19:08:20 UTC #7

I keep checking back here, looking for areply. I need a email to send the zip of the log.

gongomgra 2020-06-29 08:37:37 UTC #9

Hi @stevesullam,

Thanks for the bnsupport bundle. Unfortunately, I don't have access to the Diaspora's log files. Can you check them at /opt/bitnami/apps/diaspora/htdocs/log?

stevesullam 2020-06-29 18:54:55 UTC #10

I sent you the logs in the messages

stevesullam 2020-06-29 21:50:15 UTC #11

Bro, I need some help with this. This cool bitnami virtual machine isn't of much use if no one can log into it.

gongomgra 2020-06-30 09:20:49 UTC #12

Hi @stevesullam,

Thanks for the logs. I checked them, but I don't see any error related to CSRF. All I see is this error message:

[2020-06-28T00:00:12] INFO  PID-28429 TID-47165636137660 Rails: Started GET "/poco" for 116.202.43.230 at 2020-06-28 00:00:12 +0000
[2020-06-28T00:00:12] FATAL PID-28429 TID-47165636137660 Rails:
[2020-06-28T00:00:12] FATAL PID-28429 TID-47165636137660 Rails: ActionController::RoutingError (No route matches [GET] "/poco"):
[2020-06-28T00:00:12] FATAL PID-28429 TID-47165636137660 Rails:
[2020-06-28T00:00:12] FATAL PID-28429 TID-47165636137660 Rails: vendor/bundle/ruby/2.4.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/debug_exceptions.rb:65:in `call'
vendor/bundle/ruby/2.4.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
vendor/bundle/ruby/2.4.0/gems/railties-5.2.4.1/lib/rails/rack/logger.rb:38:in `call_app'
vendor/bundle/ruby/2.4.0/gems/railties-5.2.4.1/lib/rails/rack/logger.rb:28:in `call'
vendor/bundle/ruby/2.4.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
vendor/bundle/ruby/2.4.0/gems/request_store-1.5.0/lib/request_store/middleware.rb:19:in `call'
vendor/bundle/ruby/2.4.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/request_id.rb:27:in `call'
vendor/bundle/ruby/2.4.0/gems/rack-2.2.2/lib/rack/method_override.rb:24:in `call'
vendor/bundle/ruby/2.4.0/gems/rack-2.2.2/lib/rack/runtime.rb:22:in `call'
vendor/bundle/ruby/2.4.0/gems/activesupport-5.2.4.1/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
vendor/bundle/ruby/2.4.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/executor.rb:14:in `call'
vendor/bundle/ruby/2.4.0/gems/rack-2.2.2/lib/rack/sendfile.rb:110:in `call'
vendor/bundle/ruby/2.4.0/gems/secure_headers-6.3.0/lib/secure_headers/middleware.rb:11:in `call'
vendor/bundle/ruby/2.4.0/gems/rack-cors-1.1.1/lib/rack/cors.rb:100:in `call'
vendor/bundle/ruby/2.4.0/gems/railties-5.2.4.1/lib/rails/engine.rb:524:in `call'
vendor/bundle/ruby/2.4.0/gems/railties-5.2.4.1/lib/rails/railtie.rb:190:in `public_send'
vendor/bundle/ruby/2.4.0/gems/railties-5.2.4.1/lib/rails/railtie.rb:190:in `method_missing'
vendor/bundle/ruby/2.4.0/gems/rack-2.2.2/lib/rack/deflater.rb:44:in `call'
passenger (5.3.7) src/ruby_supportlib/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'
passenger (5.3.7) src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:149:in `accept_and_process_next_request'
passenger (5.3.7) src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:110:in `main_loop'
passenger (5.3.7) src/ruby_supportlib/phusion_passenger/request_handler.rb:415:in `block (3 levels) in start_threads'
passenger (5.3.7) src/ruby_supportlib/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'
vendor/bundle/ruby/2.4.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'

Do you know what the /poco URI is? I think it is a good idea to ask about the CSRF issue in the official Diaspora forums for help on how to debug it

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!