Login - Can't verify CSRF token authenticity


(Steve Ng) #1

Hi, when I am logging in, sometimes I get this error. It results in me being unable to log in at all. Any idea where this error comes from?

This results in the inability to even log in to Discourse.

I, [2016-03-17T17:05:20.078871 #4141]  INFO -- : Started POST "/session" for 127.0.0.1 at 2016-03-17 17:05:20 +0800
I, [2016-03-17T17:05:20.134365 #4141]  INFO -- : Processing by SessionController#create as */*
I, [2016-03-17T17:05:20.136184 #4141]  INFO -- :   Parameters: {"login"=>"xx@gmail.com", "password"=>"[FILTERED]"}
W, [2016-03-17T17:05:20.137855 #4141]  WARN -- : Can't verify CSRF token authenticity
I, [2016-03-17T17:05:20.139322 #4141]  INFO -- :   Rendered text template (0.0ms)
I, [2016-03-17T17:05:20.140774 #4141]  INFO -- : Filter chain halted as :verify_authenticity_token rendered or redirected
I, [2016-03-17T17:05:20.142685 #4141]  INFO -- : Completed 403 Forbidden in 5ms (Views: 1.6ms | ActiveRecord: 0.0ms)

(Steve Ng) #2

For the reference of the other folks who might have this problem:

I had initially set config.assets.prefix = '/'

Changing the asset directory to anything but / would solve this.
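
An added example, not part of the original posts: a small Ruby log scan that pairs each "Can't verify CSRF token authenticity" warning with the request it belongs to, so an operator can see whether every POST to one path is being rejected or only some. It assumes the default Ruby Logger line format shown in the first post and one request at a time per worker process (pid); the helper name `csrf_rejections` is hypothetical.

```ruby
# Added example: find requests that Rails rejected with a CSRF warning.
# Line format assumed from the post: "I, [<time> #<pid>]  INFO -- : <message>"
LINE      = /\A[A-Z], \[(?<time>\S+) #(?<pid>\d+)\]\s+[A-Z]+ -- : (?<msg>.*)\z/
STARTED   = /\AStarted (?<verb>[A-Z]+) "(?<path>[^"]*)" for (?<ip>\S+)/
COMPLETED = /\ACompleted (?<status>\d{3})/
CSRF_WARN = "Can't verify CSRF token authenticity"

# Returns one hash per request that logged the CSRF warning before completing.
# Assumption: a worker (pid) handles one request at a time, so lines with the
# same pid between "Started" and "Completed" belong to the same request.
def csrf_rejections(log)
  in_flight = {} # pid => request currently being processed by that worker
  hits = []
  log.each_line do |raw|
    m = LINE.match(raw.chomp)
    next unless m
    pid = m[:pid]
    msg = m[:msg].strip
    if (s = STARTED.match(msg))
      in_flight[pid] = { time: m[:time], verb: s[:verb], path: s[:path],
                         ip: s[:ip], csrf: false, status: nil }
    elsif (req = in_flight[pid])
      req[:csrf] = true if msg.include?(CSRF_WARN)
      if (c = COMPLETED.match(msg))
        req[:status] = c[:status].to_i
        hits << req if req[:csrf]
        in_flight.delete(pid)
      end
    end
  end
  hits
end

# Sample input: the first three lines are taken from the post above,
# the last two are constructed to show a request that is not flagged.
SAMPLE = <<~LOG
  I, [2016-03-17T17:05:20.078871 #4141]  INFO -- : Started POST "/session" for 127.0.0.1 at 2016-03-17 17:05:20 +0800
  W, [2016-03-17T17:05:20.137855 #4141]  WARN -- : Can't verify CSRF token authenticity
  I, [2016-03-17T17:05:20.142685 #4141]  INFO -- : Completed 403 Forbidden in 5ms (Views: 1.6ms | ActiveRecord: 0.0ms)
  I, [2016-03-17T17:05:21.000000 #4142]  INFO -- : Started GET "/latest" for 127.0.0.1 at 2016-03-17 17:05:21 +0800
  I, [2016-03-17T17:05:21.050000 #4142]  INFO -- : Completed 200 OK in 50ms
LOG

csrf_rejections(SAMPLE).each do |r|
  puts "#{r[:time]} #{r[:verb]} #{r[:path]} from #{r[:ip]} -> #{r[:status]}"
end
```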