
[SOLVED] Monit - Invalid CSRF Token

Getting the error below any time I attempt to start/stop/restart a service from Monit.  Noticed it today after I did a reboot on the system.  Running OpenFlixr 2.5.1.   

Looking for options, but starting a discussion to see if anyone knows how to get past this.   NZBHydra, PlexPy, and WebMin are no longer working for me as of today.

Forbidden
Invalid CSRF Token
monit 5.16

Comments

  • I have the same in monit, and have not found a workaround or fix as yet.  Been like that for at least a few weeks.
    No issues with other apps though.
  • PS the 'CSRF token' issue with monit appears to be something to do with authentication or cookies or reverse proxy headers.

    I've had some success by using IE (i.e. the least-secure browser I can find) and going directly to the site not via nginx so http://serverip:2812/. That workaround appears to still work for at least some functions.
  • edited September 2018
    fixed it @mansauce2

  • So the problem appears to be related directly to cached cookies, which makes sense as CSRF stands for Cross Site something something :smile:

    What it means is that the authentication token is stale or is invalid for some other reason, such as it's being pulled out of a cookie for (for example) "http://192.168.220.10" but you are currently accessing it via "http://openflixr".  The browser should have got a new auth token to use for this session, but hasn't for some reason.  Note that the token is generated during the logon process for monit, so if you've somehow broken nginx to not require logons, then that's the likely cause (which is what I did).

    I think the magic sauce was to ensure that the /monit/ location in the nginx config file contains a directive to log on.  Here's the relevant part of my setup, which I checked against the install instructions on the monit wiki.
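    location /monit/ {
        # Prompt for HTTP basic auth; only enforced if auth_basic_user_file
        # is also set, here or in an enclosing block.
        auth_basic "OpenFLIXR Login";
        # Strip the /monit/ prefix before passing the request to Monit.
        rewrite ^/monit/(.*) /$1 break;
        proxy_ignore_client_abort on;
        proxy_pass http://127.0.0.1:2812;
    #    proxy_set_header Host $host;
        # Map Monit's redirects and cookie paths back under /monit/.
        proxy_redirect http://127.0.0.1:2812 /monit;
        proxy_cookie_path / /monit/;
    }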
    I can't remember exactly, but I think I had to add the auth_basic line in order to force a logon request.

    Second, delete all cookies for the openflixr web interface.  How you do that depends on your browser, but generally you'll find it in the settings. Make sure you delete all the cookies for all the different URLs that you've used to connect to the server; for me that meant "192.168.220.10", "openflixr", "openflixr.home", and the external URL I use.

    Third, clear the cache.  In Chrome, you can do it per site.  Even better, in Chrome you can do a hard reset for the site by pressing F12 (to open the developer console) and then right-click on the Refresh icon, and choose "Empty cache and hard reload".

    I hope that helps!
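
Added illustration, not part of the post above and not Monit's own code: a small model of why a token issued under one hostname fails under another, and of what `proxy_cookie_path / /monit/;` does to the cookie's scope. The cookie name `csrf_token`, the double-submit style check, the backend's `Path=/` and the `/plexpy/` path are assumptions made for the example; the hostnames are the ones named in the post.

```python
# Added example: generic double-submit CSRF check plus browser cookie scoping.
# Assumptions: cookie name "csrf_token" and the check itself are illustrative,
# not taken from Monit's source. Hosts are the ones named in the post.
import hmac
import secrets
from urllib.parse import urlsplit

def rewrite_cookie_path(path, match="/", replacement="/monit/"):
    """What `proxy_cookie_path / /monit/;` does to a Set-Cookie path."""
    return replacement + path[len(match):] if path.startswith(match) else path

def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

class Browser:
    """Minimal cookie jar: host-only cookies keyed by (host, path, name)."""
    def __init__(self):
        self.jar = {}

    def store(self, url, name, value, path):
        self.jar[(urlsplit(url).hostname, path, name)] = value

    def cookies_for(self, url):
        u = urlsplit(url)
        return {name: value for (host, path, name), value in self.jar.items()
                if host == u.hostname and path_matches(u.path or "/", path)}

def csrf_ok(form_token, cookies):
    """Accept only if the form token equals the token cookie the browser sent."""
    sent = cookies.get("csrf_token")
    return sent is not None and hmac.compare_digest(sent, form_token)

def demo():
    browser = Browser()
    token = secrets.token_hex(16)  # issued at logon, embedded in the page's forms
    # Logon through nginx by IP; backend is assumed to set Path=/, nginx rewrites it
    browser.store("http://192.168.220.10/monit/", "csrf_token", token,
                  rewrite_cookie_path("/"))
    return {
        "same_host": csrf_ok(token, browser.cookies_for("http://192.168.220.10/monit/")),
        # Cached page (old token) submitted under another name: no cookie is sent
        "other_host": csrf_ok(token, browser.cookies_for("http://openflixr/monit/")),
        # The rewritten path keeps the cookie away from other proxied apps
        "other_app": browser.cookies_for("http://192.168.220.10/plexpy/"),
    }

if __name__ == "__main__":
    print(demo())
```

The `other_host` case is the one that produces a rejected request: the form still carries the token, but the browser holds no matching cookie for that hostname.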
  • Testing Ubuntu 18.04 LTSR, everything works 99,99% so I'm planning to create an update script.

    This will also install the latest Monit and fix CSRF problems.

  • 2.9 will fix this.
