Log error: "Can't verify CSRF token authenticity"

I am receiving lots of these errors in the log.

What could it be?

Check the tabs at the bottom; is it for the URL /topics/timings? This just means some kind of network error between the user and the site, as if they were on mobile and lost the signal.

@sam we should probably suppress these, as there are a lot of them… and they are meaningless.

Something weird is going on; we are getting a CSRF issue on /posts/timing on meta, which is an API we control.

Need to investigate, because the side effect of this error is that posts are not marked read.

3 Likes

Not sure what you mean, at the bottom I have this:

edit:
Clicking on an error, then env tab:

HTTP_HOST: rasando.it
REQUEST_URI: /topics/timings
REQUEST_METHOD: POST
HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 4.4.2; LG-D802 Build/KOT49I.D80220c) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36
HTTP_ACCEPT: */*
HTTP_REFERER: http://rasando.it/t/marzo-2015/327/45
HTTP_X_FORWARDED_FOR: 87.1.235.67
HTTP_X_REAL_IP: 87.1.235.67

params:
  timings: null
  topic_time: 3238
  topic_id: 327

This topic has been created before:
https://meta.discourse.org/t/cant-verify-csrf-token-authenticity/25568?u=deanmarktaylor

I specifically mentioned this only occurs for mobile users for me:
https://meta.discourse.org/t/cant-verify-csrf-token-authenticity/25568/5?u=deanmarktaylor

I’ve also commented, stating my thoughts on why this happens:
https://meta.discourse.org/t/cant-verify-csrf-token-authenticity/25568/13?u=deanmarktaylor