Vagrant login fails with 'unknown error' caused by CSRF

(Benjamin Kampmann) #1

Hey folks,

pulling latest changes of master onto my development machine and running it from vagrant, I seem to not be able to log into the discourse instance any more. It fails with some CSRF-token issue although the UI seems to be fetching exactly that. But all I get is “unknown error”:

Here is the entire output:

[vagrant@precise32:/vagrant (master)]$ rails s
=> Booting Thin
=> Rails 4.1.8 application starting in development on
=> Run `rails server -h` for more startup options
=> Notice: server is listening on all interfaces ( Consider using (--binding option)
=> Ctrl-C to shutdown server
Thin web server (v1.6.2 codename Doc Brown)
Maximum connections set to 1024
Listening on, CTRL+C to stop
D, [2015-01-12T11:34:48.039699 #4165] DEBUG -- :
D, [2015-01-12T11:34:48.040763 #4165] DEBUG -- :
I, [2015-01-12T11:34:48.041537 #4165]  INFO -- : Started GET "/session/csrf?_=1421079762710" for at 2015-01-12 11:34:48 -0500
D, [2015-01-12T11:34:48.485243 #4165] DEBUG -- :   ActiveRecord::SchemaMigration Load (1.6ms)  SELECT "schema_migrations".* FROM "schema_migrations"
I, [2015-01-12T11:34:48.723310 #4165]  INFO -- : Processing by SessionController#csrf as */*
I, [2015-01-12T11:34:48.726360 #4165]  INFO -- :   Parameters: {"_"=>"1421079762710"}
I, [2015-01-12T11:34:49.860057 #4165]  INFO -- : Completed 200 OK in 1131ms (Views: 0.9ms | ActiveRecord: 0.0ms)
D, [2015-01-12T11:34:49.880302 #4165] DEBUG -- :
D, [2015-01-12T11:34:49.880599 #4165] DEBUG -- :
I, [2015-01-12T11:34:49.881073 #4165]  INFO -- : Started POST "/session" for at 2015-01-12 11:34:49 -0500
I, [2015-01-12T11:34:50.073285 #4165]  INFO -- : Processing by SessionController#create as */*
I, [2015-01-12T11:34:50.077437 #4165]  INFO -- :   Parameters: {"login"=>"eviltrout", "password"=>"[FILTERED]"}
W, [2015-01-12T11:34:50.080766 #4165]  WARN -- : Can't verify CSRF token authenticity
I, [2015-01-12T11:34:50.096167 #4165]  INFO -- :   Rendered text template (0.1ms)
I, [2015-01-12T11:34:50.100482 #4165]  INFO -- : Filter chain halted as :verify_authenticity_token rendered or redirected
I, [2015-01-12T11:34:50.103962 #4165]  INFO -- : Completed 403 Forbidden in 23ms (Views: 16.3ms | ActiveRecord: 0.0ms)

Did latest bundle install and am on a clean latest vanilla master. Any idea(s) how to fix this? Or at least a hint of what might be broken?

403 Forbidden on Logins (started after update to latest version)
(Benjamin Kampmann) #2

for the record, I also tried the jatwood account and it doesn’t work either.

(Benjamin Kampmann) #3

It appears that my browser didn’t accept cookies from that domain. Reactivating cookies login works again…

(Régis Hanol) #4