Synology DSM & Docker: Invalid form authenticity token.

Added by Holger Seiberlich over 7 years ago

Hi,
I've tried to change my Redmine configuration, so I can use it with a DSM reverse proxy (after entering credentials, it would jump away from the custom port to the default WebStation SSL port). I changed REDMINE_PORT to 10445 and back to 30002, but since then, I can no longer log in:
With the default settings, production.log shows this:

Started GET "/login" for 127.0.0.1 at 2016-11-09 17:54:12 +0000
Processing by AccountController#login as HTML
Current user: anonymous
Rendered account/login.html.erb within layouts/base (77.2ms)
Completed 200 OK in 629ms (Views: 500.3ms | ActiveRecord: 10.8ms)
Started POST "/login" for 127.0.0.1 at 2016-11-09 17:54:22 +0000
Processing by AccountController#login as HTML
Parameters: {"utf8"=>"<E2><9C><93>", "authenticity_token"=>"BG1yw3zH9YaIuBUNsubz+Wu/Oj6qGpYTsoacpqHW5TOMIqoloHX942hzmkgy/GnbAD6F88CSeZWP2zBE2mxwpw==", "back_url"=>"http://192.168.1.10:30002/", "username"=>"userName", "password"=>"[FILTERED]", "login"=>"Anmelden <C2><BB>"}
Can't verify CSRF token authenticity
Rendered common/error.html.erb within layouts/base (1.8ms)
Filter chain halted as :verify_authenticity_token rendered or redirected
Completed 422 Unprocessable Entity in 25ms (Views: 18.1ms | ActiveRecord: 0.8ms)

The web browser shows a 422 error:

Invalid form authenticity token.

I then throw security to the wind and modify application.rb to include this line:
[code]config.action_controller.allow_forgery_protection = false[/code]

Upon clicking login Redmine doesn't log me in, but shows no error. See production.log:

Completed 200 OK in 37ms (Views: 21.7ms | ActiveRecord: 4.7ms)
Started GET "/login" for 127.0.0.1 at 2016-11-09 05:46:20 +0000
Processing by AccountController#login as HTML
Current user: anonymous
Rendered account/login.html.erb within layouts/base (2.7ms)
Completed 200 OK in 23ms (Views: 15.7ms | ActiveRecord: 1.5ms)
Started POST "/login" for 127.0.0.1 at 2016-11-09 05:46:36 +0000
Processing by AccountController#login as HTML
Parameters: {"utf8"=>"<E2><9C><93>", "back_url"=>"http://192.168.1.10:30002/projects", "username"=>"userName", "password"=>"[FILTERED]", "login"=>"Anmelden <C2><BB>"}
Current user: anonymous
Successful authentication for 'userName' from 127.0.0.1 at 2016-11-09 05:46:37 UTC
Redirected to http://192.168.1.10:30002/projects
Completed 302 Found in 57ms (ActiveRecord: 46.6ms)
Started GET "/projects" for 127.0.0.1 at 2016-11-09 05:46:37 +0000
Processing by ProjectsController#index as HTML
Current user: anonymous
Rendered projects/index.html.erb within layouts/base (11.9ms)
Completed 200 OK in 37ms (Views: 21.3ms | ActiveRecord: 4.8ms)

Do you have any ideas what could be going wrong?

Thanks,
Holger
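
A log triage script for the two symptoms in the post above, as an added example that is not part of the original post or of Redmine: it flags requests halted by CSRF verification and logins that succeed while the next request is still anonymous. Rails keeps both the CSRF token and the logged-in user in the session, so either finding is a reason to check whether the session cookie is coming back on the following request. The sample log is constructed from the post's excerpts (abridged), and the function names are hypothetical.

```ruby
# Added example: triage a Rails/Redmine production.log for the two symptoms above.
# SAMPLE_LOG is constructed from the excerpts in the post (abridged).
SAMPLE_LOG = <<~LOG
  Started POST "/login" for 127.0.0.1 at 2016-11-09 17:54:22 +0000
  Can't verify CSRF token authenticity
  Completed 422 Unprocessable Entity in 25ms (Views: 18.1ms | ActiveRecord: 0.8ms)
  Started POST "/login" for 127.0.0.1 at 2016-11-09 05:46:36 +0000
  Current user: anonymous
  Successful authentication for 'userName' from 127.0.0.1 at 2016-11-09 05:46:37 UTC
  Completed 302 Found in 57ms (ActiveRecord: 46.6ms)
  Started GET "/projects" for 127.0.0.1 at 2016-11-09 05:46:37 +0000
  Current user: anonymous
  Completed 200 OK in 37ms (Views: 21.3ms | ActiveRecord: 4.8ms)
LOG

START_RE = /^Started (?<verb>[A-Z]+) "(?<path>[^"]*)" for (?<ip>\S+) at (?<at>.+)$/

# Split the log into one hash per request, keyed on the "Started ..." line.
def parse_requests(text)
  requests = []
  text.each_line(chomp: true) do |line|
    if (m = START_RE.match(line))
      requests << { verb: m[:verb], path: m[:path], ip: m[:ip], at: m[:at], lines: [] }
    elsif requests.any?
      requests.last[:lines] << line
    end
  end
  requests
end

# Returns [kind, request] pairs. :csrf_rejected = forgery protection halted the request.
# :session_lost = login succeeded, yet the same client's next request is anonymous.
# Behind a reverse proxy every client logs as 127.0.0.1, so the IP match is a heuristic.
def session_findings(requests)
  findings = []
  requests.each_with_index do |req, i|
    findings << [:csrf_rejected, req] if req[:lines].any? { |l| l.include?("Can't verify CSRF token authenticity") }
    next unless req[:lines].any? { |l| l.include?("Successful authentication for") }
    follow = requests[(i + 1)..].find { |r| r[:ip] == req[:ip] }
    findings << [:session_lost, follow] if follow && follow[:lines].any? { |l| l.strip == "Current user: anonymous" }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  session_findings(parse_requests(SAMPLE_LOG)).each do |kind, req|
    puts "#{kind}: #{req[:verb]} #{req[:path]} from #{req[:ip]} at #{req[:at]}"
  end
end
```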