[Solved] [Error 422] Unable to verify Cross-Site Request Forgery token.

Added by Robert Ferry over 5 years ago

New installation on Ubuntu 18.04 Apache server. Everything works perfectly in Microsoft Edge browser, but I'm unable to log in using Chrome browser. I get the following message:

[Error 422] Unable to verify Cross-Site Request Forgery token. Did you try to submit data on multiple browsers or tabs? Please close all tabs and try again.

Cleared cache multiple times, restarted with fresh single-tab browser. No luck. Any ideas appreciated.

Thanks!


Replies (6)

RE: [Error 422] Unable to verify Cross-Site Request Forgery token. - Added by Oliver Günther over 5 years ago

Hi Robert,

what does your setup look like? Do you terminate SSL/TLS on the apache server? Could you share your /etc/openproject/installer.dat contents (remove any passwords within).

Best,

Oliver

RE: [Error 422] Unable to verify Cross-Site Request Forgery token. - Added by Robert Ferry over 5 years ago

Thanks Oliver.

UPDATE: If I don't use the pull-down login area, but rather force the [site]/login page by pasting a locked-down project URL into the browser, then I can log in fine in Chrome. Very odd.

UPDATE:  Email is odd, not sending from the application for forgotten password. New users get notification just fine.

I suspect it may be SSL issue as well but I don't know what the root cause is.

A check on this site returns good marks from what I can tell (overall A rating). The one thing it calls out has to do with SNI.

https://www.ssllabs.com/ssltest/analyze.html

I've checked the site on Firefox and it works well without this issue. Safari has the same issue that Chrome has.

/etc/openproject/installer.dat

postgres/retry ignore
[there are many empty carriage returns here that I've removed...]
postgres/autoinstall reuse
postgres/db_host localhost
postgres/db_port 5432
postgres/db_username [redacted]
postgres/db_password [redacted]
postgres/db_name openproject
server/autoinstall skip
smtp/autoinstall smtp
smtp/authentication login
smtp/host smtp.gmail.com
smtp/port 587
smtp/username [redacted]@gmail.com
smtp/password [redacted]
smtp/domain gmail.com
smtp/admin_email [redacted]@gmail.com
memcached/autoinstall install
server/hostname projects.landartgenerator.org
server/ssl yes

RE: [Error 422] Unable to verify Cross-Site Request Forgery token. - Added by Kartik Hegde almost 5 years ago

Hi

We are trying to run Docker with external Postgres DB and we are encountering this

Unable to verify Cross-Site Request Forgery token. Did you try to submit data on multiple browsers or tabs? Please close all tabs and try again.

OpenProject version: 10.4.1 (we tried new version also)

docker run -it -p 9092:80 -e DATABASE_URL="postgresql://userName:Password@ServerHostName:5432/openproject" openproject/community:10.4.1

RE: [Error 422] Unable to verify Cross-Site Request Forgery token. - Added by Greg Hirsh over 4 years ago

I am running into the exact same symptoms as the original poster (Robert), on my self-installed instance of openproject. I am able to login with firefox (from any machine), but not chrome.

When logging in via chrome, I get the same error as the other posters: ([Error 422] Unable to verify Cross-Site Request Forgery token. Did you try to submit data on multiple browsers or tabs? Please close all tabs and try again.) If, while logged in on the same machine via a firefox browser, I copy and paste the url of a project page from my firefox browser to my chrome browser, chrome suddenly acts as if I have successfully logged in (the page just works, there is no prompt to log in). If I log out from my firefox browser, all is well with chrome, until, of course, I log out (of the chrome instance) and then try to log back in.

A little about my installation:

openproject v11.0.0

server os: ubuntu server 20.04.1 LTS

I am running openproject with ssl (and am terminating ssl at the Apache server).

apache2 server

While installing openproject to my server,  I manually configured it for apache. I did not let the install wizard setup apache, as I could never (after a long bout of troubleshooting) get openproject's auto apache configuration to not mess up my nextcloud installation on the same server (never figured out what was making nextcloud unhappy - but that's a separate issue).

UPDATE

Figured it out. : ) : ) : )

SSL is being terminated (decrypted) by my Apache server. I am a novice and was confused by openproject's setup guide https://docs.openproject.org/installation-and-operations/installation/packaged/#step-2-apache2-web-server Under the External SSL/TLS termination heading of the guide (towards the bottom of the instructions), there is a highlighted section stating: "If you terminate SSL externally before the request hits the OpenProject server, you need to follow the following instructions to avoid errors in routing. If you want to use SSL on the server running OpenProject, skip this section." As a noob, I misunderstood this section to be intended for special situations (like a setup that uses an external SSL load balancer or some other piece of external hardware) and did not realize that this applied to my setup (it did not occur to me that "externally" still meant within the same physical machine/server, i.e. that the "external server" was simply my Apache server). Had I been able to use openproject's installation wizard to configure Apache, it would have handled setting all of this for me but, as mentioned in the first part of my post, that was not an option for me. I configured Apache and the proxy passthroughs manually.

In doing so, I missed two steps (there is more to getting openproject to work with SSL, but these are the two steps that I had not completed):

1. In my Apache vhost file (mine lives here: /etc/apache2/sites-available/openproject.conf), I had to add the following line (I believe it can live anywhere under the <VirtualHost *:443> section):

RequestHeader set X-Forwarded-Proto "https"

See my vhost config file, below, for reference.

After adding that line, I then restarted apache.

In my case, I had one last step to complete (it was actually in troubleshooting the next step, as part of a separate issue, that I ultimately came across the answer to this whole problem. When setting up the server via the web portal, I had continuously encountered an error when trying to set the site's protocol to https via my admin settings page in the web browser. Whenever I set the protocol to https, I was getting a warning message plastered at the bottom of my web browser telling me that my system was listening for https but was getting http requests instead - adding the RequestHeader set X-Forwarded-Proto "https" to my openproject apache vhost file made this warning go away).

2. I had to log in to openproject through a web browser using my admin account. Under Administration > Settings > General (you can also find this page by adding "/settings/general" to your base url - i.e. yourdomain.com/settings/general), there is a setting called "protocol." This needs to be set to https.

After that, I was able to login with Chrome and Safari.

For more information, also read https://docs.openproject.org/installation-and-operations/configuration/ssl/

For any other novices, like myself, here, for reference, is my apache vhost file for openproject that is working with my current (manually configured) Apache2 server, running with SSL (of course, you would replace all instances of enter.yourdomain.com with your own server's url. Also, at the bottom, my SSL certificates were created by Let's Encrypt, as described in https://docs.openproject.org/installation-and-operations/configuration/ssl/. Your situation/setup may vary)

Include /etc/openproject/addons/apache2/includes/server/*.conf

<VirtualHost *:80>
        ServerName enter.yourdomain.com
        DocumentRoot /opt/openproject/public
        RewriteEngine On
        RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]
        RewriteCond %{SERVER_NAME} =enter.yourdomain.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
        ServerName enter.yourdomain.com
        DocumentRoot /opt/openproject/public
        ErrorLog ${APACHE_LOG_DIR}/openproject.error
        CustomLog ${APACHE_LOG_DIR}/openproject.access combined

        <Directory /opt/openproject/public/>
            Require all granted
            Options FollowSymlinks MultiViews
            AllowOverride All

            <IfModule mod_dav.c>
                Dav off
            </IfModule>

            SetEnv HOME /opt/openproject/public
            SetEnv HTTP_HOME /opt/openproject/public
            Satisfy Any
        </Directory>

        # Tell the OpenProject backend that the client connection was HTTPS (needs mod_headers)
        RequestHeader set X-Forwarded-Proto "https"

        ProxyRequests off

        Include /etc/openproject/addons/apache2/includes/vhost/*.conf

        # Can't use Location block since it would overshadow all the other proxypass directives on CentOS
        ProxyPass / http://127.0.0.1:6000/ retry=0
        ProxyPassReverse / http://127.0.0.1:6000/
        SSLCertificateFile /etc/letsencrypt/live/enter.yourdomain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/enter.yourdomain.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLUseStapling on
</VirtualHost>

<IfModule mod_ssl.c>
        SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
</IfModule>
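
A lint for the first of the two missed steps described in the post above, as an added example that is not part of the post or of OpenProject's tooling: it flags any TLS-terminating vhost that proxies to an http:// backend without RequestHeader set X-Forwarded-Proto "https". The function names check_vhosts and sample_vhost and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: lint Apache vhosts for the missing X-Forwarded-Proto header.

# check_vhosts [FILE...]: reads vhost config (or stdin), prints one line per
# TLS-terminating vhost that proxies to http:// without the header; returns 1 if any.
check_vhosts() {
  awk '
    BEGIN { bad = 0 }
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^#/ { next }                                   # skip comments
    low ~ /^<virtualhost[ \t]/ {                          # a vhost block opens
      invh = 1; start = NR; name = "(no ServerName)"
      tls = (low ~ /:443[ \t>]/); proxied = 0; proto = 0
      next
    }
    !invh { next }
    low ~ /^servername[ \t]/ { split(line, f, /[ \t]+/); name = f[2] }
    low ~ /^(sslengine[ \t]+on|sslcertificatefile[ \t])/ { tls = 1 }
    low ~ /^proxypass[ \t]+[^ \t]+[ \t]+http:\/\// { proxied = 1 }
    low ~ /^requestheader[ \t]+set[ \t]+x-forwarded-proto[ \t]+"?https"?/ { proto = 1 }
    low ~ /^<\/virtualhost>/ {                            # block closes: judge it
      if (tls && proxied && !proto) {
        printf "%s (vhost at line %d): proxies to http:// backend without X-Forwarded-Proto \"https\"\n", name, start
        bad = 1
      }
      invh = 0
    }
    END { exit bad }
  ' "$@"
}

# Constructed sample: a cut-down copy of the vhosts from the post, "with" or "without" the header.
sample_vhost() {
  printf '%s\n' '<VirtualHost *:80>' '  ServerName enter.yourdomain.com' '</VirtualHost>' \
    '<VirtualHost *:443>' '  ServerName enter.yourdomain.com'
  if [ "$1" = with ]; then echo '  RequestHeader set X-Forwarded-Proto "https"'; fi
  printf '%s\n' '  ProxyPass / http://127.0.0.1:6000/ retry=0' \
    '  SSLCertificateFile /etc/letsencrypt/live/enter.yourdomain.com/fullchain.pem' \
    '</VirtualHost>'
}

# Lint the files given on the command line, if any.
if [ "$#" -gt 0 ]; then check_vhosts "$@"; fi
```

The lint only covers the Apache side; the "protocol" setting under Administration > Settings > General from step 2 still has to be checked in OpenProject itself.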

RE: [Error 422] Unable to verify Cross-Site Request Forgery token. - Added by Max Mutzge over 4 years ago

Hi Greg, Thanks a lot for sharing your insights here! That's really helpful.

Kind regards

Matthias

RE: [Error 422] Unable to verify Cross-Site Request Forgery token. - Added by T H over 4 years ago

Super thumbs up. This sorted it on my Ubuntu 20.04 install! :-)
