CSRF Verification Failed

jaltek · December 19, 2017, 3:43pm

Hi,

I’m using the Sentry Docker image and the PHP-SDK.

Sentry itself is running fine but sending and error causes an 403 error. Logfile from the docker logs:

web_1 | <****local_ip****> - - [19/Dec/2017:15:28:07 +0000] "POST //api/2/store/ HTTP/1.1" 403 8076 "-" "sentry-php/1.8.1"

I tried to debug the /vendor/sentry/sentry/lib/Raven/Client.php file by using var_dump() for the $buffer variable in the send_http_synchronous function:

$buffer = curl_exec($this->_curl_instance);

and it returns:

CSRF Verification Failed
A required security token was not found or was invalid.

DSN setup:

$client = new Raven_Client('http://xxx:xxxx@localhost:9000//2');

FQDN doesn’t work either:

$client = new Raven_Client('http://xxx:xxxx@foo.bar.local:9000//2');

Any hints what I’m doing wrong?

@matt maybe?

TIA!

matt · December 19, 2017, 5:30pm

The obvious thing I can see at a glance is the double / in your DSN which is causing it to hit the wrong URL.

jaltek · December 20, 2017, 7:31am

Thank you so much @matt. That solved it.
I entered the Root URL in the sentry settings with a trailing slash:

http://foo.bar.local:9000/

so Sentry proposed:

$client = new Raven_Client('http://xxx:xxxx@foo.bar.local:9000//2');

web-deploy · December 20, 2017, 10:50pm

Hi Matt,

I’ve encountered CSRF problem when I tried to login from web. I know the user was created already since docker logs with createuser command gave this: django.db.utils.IntegrityError: IntegrityError(‘duplicate key value violates unique constraint “auth_user_username_key”\nDETAIL: Key (username)=(web-deploy@xxxxxx.com) already exists.\n’,)
SQL: INSERT INTO “auth_user” (“password”, “last_login”, “username”, “first_name”, “email”, “is_staff”, “is_active”, “is_superuser”, “is_managed”, “is_password_expired”, “last_password_change”, “session_nonce”, “date_joined”, “last_active”) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) RETURNING “auth_user”.“id”

but when I login using the email, it gave this: "CSRF Verification Failed
A required security token was not found or was invalid.

If you’re continually seeing this issue, try the following:

Clear cookies (at least for Sentry’s domain).
Reload the page you’re trying to submit (don’t re-submit data).
Re-enter the information, and submit the form again.
Read more about CSRF on Wikipedia."

I’ve tried password recover page, it’s the same error.

Also tried with non-existing username, same error.

Docker log for web container shows no error.

Tried with both Safari and Chrome.

web-deploy · December 21, 2017, 3:50pm

Never mind. I’ve found the problem. “SENTRY_USE_SSL” set to ‘1’ was the problem.

acdha · September 11, 2018, 8:32pm

I hit the same problem as @jaltek – it seems like the root URL field should trim trailing slashes or the template should do urljoin(root, endpoint) to normalize the paths.

premek-gb · August 10, 2021, 11:50am

Hi, we also spent too much time trying to find out what’s wrong until we noticed the missing “/”. Would it be possible to respond with some message that makes it more clear what’s wrong? Why does it complain about CSRF?

Topic		Replies	Views
CSRF Verification Failed since Sentry upgrade	6	6841	July 30, 2020
CSRF Issue when using SSL via nginx On-Premise	14	11795	March 19, 2020
CSRF Token issue On-Premise	2	7340	May 1, 2020
CSRF Verification Failed(token was not found or was invalid) On-Premise	7	11707	December 18, 2020
CSRF Validation Failed On-Premise	20	10095	September 9, 2021

CSRF Verification Failed

Related topics