Access forbidden CSRF check failed OC 10


#1

Sorry for the wrong category but i would like go straight to the point. I had a server running OC and "a lot" of other services. The server use nginx as web server and mysql. Till OC 10.0.2 everything was good. I updated to 10.0.3 following a procedure i wrote on my notepad so just repeating with cut&paste the same command i always used. So i mean i couldn't be wrong. Well in the beginning all was fully working after 2/3 days i cannot login via web interface because i receive the error "Access forbidden CSRF check failed" but all the other things i mean sync client on mac, application on iphone all is still working. As an IDIOT i decided to restore a previous Backup of the entire SD (i use a raspberry Pi3) well it's a little bit OT but even on this i was so unlucky to be unable to restore nothing except a pi2 image that was configured simply as desktop. So it means i started once again from scratch to configure almost every service and installing the latest OC. Once again the web interface worked 2 days and again i have the same error and i cannot login neither with my usernmane or as root. In the middle of this behaviour nothing i changed so it is to me really mysterius and at this point i guess it's a OC big BUG! To be honest i'm not a newbie but neither a guru in linux but i would like to address and fix this and mainly understand "how come" without touching nothing (except the daily upgrade of linux package) this happen. I read dozen of posts. Guys i don't want to be nasty but is useless that i write down logs or whatever because i told "the OC was good for 2 days i din't touched nothing" and now it not working and this happened since i updated (sorry now installed from scratch) the latest release of OC. Never happened before this 10.0.3. All the service (mysql, nginx, wordpress) are working and i repeat the same OC works except the web login. If someone can help to fix this or has an answer it could be great. By my side i won't touch anything else because rebuild e reconfigure a server took too much efforts. If i don't find a solution i will leave alla as it is or directly delete OC because it was and is too frustrating working like this.


#2

I did the following search https://github.com/owncloud/core/search?q=%22CSRF+check+failed%22&type=Issues&utf8=%E2%9C%93 and found https://github.com/owncloud/core/issues/25927


#3

Thanks for your answer. After going crazy about that i simply turned off my OC from CloudFlare and it started to works again! Well ClaudFlare is like a "proxy" (it is more) for sure something in the request passed trough it in ssl is misundertood by the client. I cannot go technically deeply into this but this happens since OC 10.0.3 . So my stupid workaround (because it's not a solution) is to switch off the security and proxy features of CloudFlare using it simply as DNS. Personally nothing impact to me because my site and my OC is only personal and it is just secured (only ssl) but still i don't understand how come this happened with the 10.0.3 . On top of this i had also issues with WP and with my PHP and my SQL. At this point i guess the problem could be addressable to CloudFlare instead of OC itself. All is too much complicated then , by my side, in order to do not let newbie confused we could close this post. Thanks for the support


#4

Looks to me that CloudFlare is causing various issues: https://doc.owncloud.org/server/latest/admin_manual/search.html?q=cloudflare


#5

Well what i found in your link is mostly addressable to upload files. I also took a look to the part that say to disable "Autominify Javascript" i disabled but still under CloudFlare the CSRF error exists.
On top of OC also a WP site that has some pages created by me that simply insert and query a mySQL DB does not works as before. Obviously i thanks you for the support but i guess the cause is totally addressable to CloudFlare. At this point being my site simply personal and with only me as user and totally safed by ssl i will avoid to use CloudFlare. Sorry for disturbing you as community because at this point i should query CloudFlare support not OC....probably they changed something in some way i don't know. But as i told for the "importance" of the website itself (i am the only user and it's a personal OC+WP site) i dont want to loose other days in troubleshooting something that was working till a month ago and now do not under them. Regards, Pietro.