Getting error logging into application (Invalid form authenticity token) on Redmine v5.0.5

Added by Brett Ussher 8 months ago

Hey, folks;

I am attempting to move my current Redmine implementation to a new server and upgrade the version from v4.1.1.2 to v5.0.5. I've already done my DEV server and it is working great. However, when I set up the production server, I see an error upon logging in:

Invalid form authenticity token

In the production.log, I see the following:

I, [2023-09-08T10:26:11.153362 #34411]  INFO -- : [5cca5ca5-9b07-4416-88a5-2110371c4802] Started POST "/login" for 10.253.0.14 at 2023-09-08 10:26:11 -0500
I, [2023-09-08T10:26:11.154336 #34411]  INFO -- : [5cca5ca5-9b07-4416-88a5-2110371c4802] Processing by AccountController#login as HTML
I, [2023-09-08T10:26:11.154433 #34411]  INFO -- : [5cca5ca5-9b07-4416-88a5-2110371c4802]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"<my token>", "back_url"=>"/", "username"=>"user@domain.com", "password"=>"[FILTERED]", "login"=>"Login"}
W, [2023-09-08T10:26:11.155051 #34411]  WARN -- : [5cca5ca5-9b07-4416-88a5-2110371c4802] Can't verify CSRF token authenticity.
E, [2023-09-08T10:26:11.155205 #34411] ERROR -- : [5cca5ca5-9b07-4416-88a5-2110371c4802] ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken
I, [2023-09-08T10:26:11.160808 #34411]  INFO -- : [5cca5ca5-9b07-4416-88a5-2110371c4802]   Rendered common/error.html.erb within layouts/base (Duration: 0.6ms | Allocations: 257)
I, [2023-09-08T10:26:11.167277 #34411]  INFO -- : [5cca5ca5-9b07-4416-88a5-2110371c4802]   Rendered layout layouts/base.html.erb (Duration: 7.1ms | Allocations: 4635)
I, [2023-09-08T10:26:11.167474 #34411]  INFO -- : [5cca5ca5-9b07-4416-88a5-2110371c4802] Filter chain halted as :verify_authenticity_token rendered or redirected
I, [2023-09-08T10:26:11.167615 #34411]  INFO -- : [5cca5ca5-9b07-4416-88a5-2110371c4802] Completed 422 Unprocessable Entity in 13ms (Views: 9.1ms | ActiveRecord: 0.9ms | Allocations: 6519)

I've been around Google and find this error with other users, but always for very old versions of Redmine, and the solutions listed are either not appropriate for my version or just don't work. What causes this issue? How do I stop it?

I'm running the following server:

Ubuntu 22.04


Replies (1)

RE: Getting error logging into application (Invalid form authenticity token) on Redmine v5.0.5 - Added by Brett Ussher 8 months ago

I figured it out. With HSTS and header flags like HttpOnly and the Secure flag becoming more necessary in organizations, I set up an apache2 conf file that turns all that stuff on by default. But, if you have not set up your SSL cert against the Redmine server yet, then when you log in, you get this error. I disabled my custom apache2 conf file and everything started working. Once I get SSL set up (which will happen during services switch-over) I will enable the conf file again.
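
The failure described in this thread, as an added example that is not part of the original posts: a browser does not return a `Secure` cookie over plain HTTP, so the login POST reaches Rails without the session that holds the CSRF token. The Ruby check below audits a response for that mismatch. The function names are hypothetical, the header values are constructed, and `_redmine_session` is assumed to be the session cookie name.

```ruby
# Added example: given the scheme a page was served over and its response
# headers, report which hardening headers the browser will not honour.
# Header values are constructed; "_redmine_session" is an assumed cookie name.

# Parse one Set-Cookie value into its name and lower-cased attribute names.
def parse_set_cookie(value)
  pair, *attrs = value.split(';').map(&:strip)
  name = pair.split('=', 2).first
  { name: name, attrs: attrs.map { |a| a.split('=', 2).first.downcase } }
end

# headers: array of [name, value] pairs, so repeated Set-Cookie lines survive.
def audit_response(scheme, headers, session_cookie: '_redmine_session')
  findings = []
  headers.each do |name, value|
    case name.downcase
    when 'set-cookie'
      cookie = parse_set_cookie(value)
      # A Secure cookie is never sent back on an http:// request.
      next unless scheme == 'http' && cookie[:attrs].include?('secure')
      kind = cookie[:name] == session_cookie ? :session_cookie_dropped : :cookie_dropped
      findings << [kind, cookie[:name]]
    when 'strict-transport-security'
      # Browsers ignore HSTS received over plain HTTP (RFC 6797, section 8.1).
      findings << [:hsts_ignored, nil] if scheme == 'http'
    end
  end
  findings
end

# True when the login POST will arrive without the session that holds the
# CSRF token, which Rails reports as InvalidAuthenticityToken.
def csrf_login_will_fail?(scheme, headers)
  audit_response(scheme, headers).any? { |kind, _| kind == :session_cookie_dropped }
end

# Constructed sample: GET /login response with hardening headers applied.
SAMPLE_HEADERS = [
  ['Strict-Transport-Security', 'max-age=31536000; includeSubDomains'],
  ['Set-Cookie', '_redmine_session=abc123; path=/; HttpOnly; Secure'],
  ['Set-Cookie', 'autologin=xyz; path=/; HttpOnly']
].freeze

if __FILE__ == $PROGRAM_NAME
  %w[http https].each do |scheme|
    puts "#{scheme}: fail=#{csrf_login_will_fail?(scheme, SAMPLE_HEADERS)} " \
         "#{audit_response(scheme, SAMPLE_HEADERS).inspect}"
  end
end
```

Run against the headers of a real `GET /login` response, a `:session_cookie_dropped` finding on `http` matches the `Can't verify CSRF token authenticity` warning in production.log.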