Sudden HTTP 403 errors with Discourse Docker ("BAD CSRF")

claas · December 22, 2024, 9:07pm

We’re using Discourse Docker and getting HTTP 403 since yesterday (2024-12-21) when trying to login or (for those already logged in) to post a message. The error response is ["BAD CSRF"], which makes me think this security fix may have caused this regression:

Is anybody else experiencing these?

PS: The Discourse instance exists since 2020, and is updated automatically every night.

claas · December 22, 2024, 9:08pm

Maybe this will fix it in 3.3.4?

See also:

sam · December 22, 2024, 11:23pm

Can you try it out?

claas · December 24, 2024, 9:54am

@sam Thank you, I just verified and I can log in again in 3.3.3 + 1, so the PR mentioned above resolved the issue.

joffreyjaffeux · December 25, 2024, 8:05pm

Thanks for checking!

Topic		Replies	Views
Discourse admin login throws 403 ["BAD CSRF"] error Support	5	1607	September 15, 2020
[HELP] Cannot login, error shows "BAD CSRF" Support	31	3927	July 3, 2024
Users can't sign in due to 403 error Installation	13	3976	June 8, 2024
Discourse login "unknown error" with socketed operation Installation	0	470	March 29, 2022
Discourse partially loaded and 404 errors from some css, js, svg files Installation	3	2189	April 4, 2020

Sudden HTTP 403 errors with Discourse Docker ("BAD CSRF")

Related topics