Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

Support Installation & Updates
  1. OpenProject
  2. Forums
  3. Support Installation & Updates
  4. Debian 10 "Buster": CSRF Failure 422 with initial login admin/admin

Debian 10 "Buster": CSRF Failure 422 with initial login admin/admin

Added by Ian Hubbertz almost 6 years ago

I have a fresh install of openproject in Debian 10 (using the repo deb https://dl.packager.io/srv/deb/opf/openproject/dev/debian 10 main. 

When trying to log in with admin / admin (or trying to register as new user), there is an error that the CSRF token cannot be validated:

[Fehler 422] Das Cross-Site Request Forgery Token konnte nicht verfiziert werden.

What are possible causes for this problem? What can I do enable some logging?

Configuration is without SSL (yet) using the apacha as installed from the installer openproject reconfigure.


Replies (1)

RE: Debian 10 "Buster": CSRF Failure 422 with initial login admin/admin - Added by Oliver Günther almost 6 years ago

Please first note that you are installing unstable dev packages which are only meant for testing.

You have likely configured something that results in the Rails server responding with either

  • https through the SERVER_PROTOCOL or Protocol setting in the system settings set to https, but your server is not actually terminating SSL/TLS yet.
  • A different domain in SERVER_HOSTNAME or Host name setting in the system settings for which the cookies are being generated

What does your setup and configuration fromopenproject config look like (redact all password values from that output before publishing here)

Best,

Oliver

  • (1 - 1/1)
Loading...