Sudden HTTP 403 errors with Discourse Docker ("BAD CSRF")

claas · 22.Декабрь.2024 21:07:28

We’re using Discourse Docker and getting HTTP 403 since yesterday (2024-12-21) when trying to login or (for those already logged in) to post a message. The error response is ["BAD CSRF"], which makes me think this security fix may have caused this regression:

Is anybody else experiencing these?

PS: The Discourse instance exists since 2020, and is updated automatically every night.

claas · 22.Декабрь.2024 21:08:37

Maybe this will fix it in 3.3.4?

See also:

sam · 22.Декабрь.2024 23:23:25

Can you try it out?

claas · 24.Декабрь.2024 09:54:43

@sam Thank you, I just verified and I can log in again in 3.3.3 + 1, so the PR mentioned above resolved the issue.

j.jaffeux · 25.Декабрь.2024 20:05:24

Thanks for checking!

Тема		Ответов	Просм.
Discourse admin login throws 403 ["BAD CSRF"] error Support	5	1719	15.09.2020
403 Forbidden on Logins (started after update to latest version) Support	6	3772	11.11.2016
CSRF login error after upgrade to 2.5.0.beta4 Support	12	1557	09.06.2020
[HELP] Cannot login, error shows "BAD CSRF" Support	31	4129	03.07.2024
Users can't sign in due to 403 error Self-hosting	13	4089	08.06.2024

Sudden HTTP 403 errors with Discourse Docker ("BAD CSRF")

Связанные темы