Log error: "Can't verify CSRF token authenticity"


(Marco) #1

I am receiving lots of this error in the log.

What could it be?


(Jeff Atwood) #2

Check the tabs at the bottom, is it for the URL /topics/timings ? This just means some kind of network error between the user and the site, as if they were on mobile and lost the signal.

@sam we should probably suppress these, as there are a lot of them… and they are meaningless.


(Sam Saffron) #3

Something weird is going on, we are getting CSRF issue on /posts/timing on meta which is an API we control.

Need to investigate cause the side effect of this error is that posts are not marked read.


(Marco) #4

Not sure what you mean, at the bottom I have this:

edit:
Clicking on an error, then env tab:

HTTP_HOST: rasando.it
REQUEST_URI: /topics/timings
REQUEST_METHOD: POST
HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 4.4.2; LG-D802 Build/KOT49I.D80220c) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36
HTTP_ACCEPT: */*
HTTP_REFERER: http://rasando.it/t/marzo-2015/327/45
HTTP_X_FORWARDED_FOR: 87.1.235.67
HTTP_X_REAL_IP: 87.1.235.67

params:
  timings: null
  topic_time: 3238
  topic_id: 327Share Protect

(Dean Taylor) #5

This topic has been created before:

I specifically mentioned this only occurs for mobile users for me:

I’ve also updated commented on stating my thoughts on why this happens:


(Jeff Atwood) #6