Defect #34214

Can't verify CSRF token authenticity

Added by Adriano Bellia 12 months ago. Updated 11 months ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: -
% Done:


Category: Ruby support
Target version: -
Resolution:
Affected version: 4.0.3


I'm embedding a Redmine page inside a SharePoint iframe.
It has always worked in the last months, but for one month, more or less, when I try to log in to Redmine through this page I receive the "Can't verify CSRF token authenticity" error. From outside everything works.

I tried adding self.allow_forgery_protection = false in the application.rb file, but now, just in the embedded login page, after entering the credentials I am returned to the login page. The Redmine log says that I'm successfully logging in, but nothing happens.

Any suggestions?

Redmine version 4.0.3.stable
Ruby version 2.5.5-p157 (2019-03-15) [x86_64-linux]
Rails version
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
Subversion 1.12.0
Git 2.19.1
Redmine plugins:
nuova_issue 0.0.2
redmine_add_ldap_user_to_group 0.1.0
redmine_auto_assign_group 0.1.1
redmine_editauthor 0.11.0
view_customize 2.5.0


#1 Updated by Adriano Bellia 11 months ago

  • Status changed from New to Resolved

For now in my environment it seems resolved.

What I did was change the called URL in the embedding page. They are in the same domain, but I was calling just the site name and the browser was giving an error on the certificate.

#2 Updated by Holger Just 11 months ago

  • Status changed from Resolved to Closed
