CSRF Verification Failed

Hi,

I’m using the Sentry Docker image and the PHP-SDK.

Sentry itself is running fine, but sending an error causes a 403 error. Logfile from the docker logs:

web_1 | <****local_ip****> - - [19/Dec/2017:15:28:07 +0000] "POST //api/2/store/ HTTP/1.1" 403 8076 "-" "sentry-php/1.8.1"

I tried to debug the /vendor/sentry/sentry/lib/Raven/Client.php file by using var_dump() for the $buffer variable in the send_http_synchronous function:

$buffer = curl_exec($this->_curl_instance);

and it returns:

CSRF Verification Failed
A required security token was not found or was invalid.

DSN setup:

$client = new Raven_Client('http://xxx:xxxx@localhost:9000//2');

FQDN doesn’t work either:

$client = new Raven_Client('http://xxx:xxxx@foo.bar.local:9000//2');

Any hints what I’m doing wrong?

@matt maybe?

TIA!

The obvious thing I can see at a glance is the double / in your DSN which is causing it to hit the wrong URL.

Thank you so much @matt. That solved it.
I entered the Root URL in the sentry settings with a trailing slash:

http://foo.bar.local:9000/

so Sentry proposed:

$client = new Raven_Client('http://xxx:xxxx@foo.bar.local:9000//2');

Hi Matt,

I’ve encountered a CSRF problem when I tried to log in from the web. I know the user was created already, since the docker logs with the createuser command gave this: django.db.utils.IntegrityError: IntegrityError(‘duplicate key value violates unique constraint “auth_user_username_key”\nDETAIL: Key (username)=(web-deploy@xxxxxx.com) already exists.\n’,)
SQL: INSERT INTO “auth_user” (“password”, “last_login”, “username”, “first_name”, “email”, “is_staff”, “is_active”, “is_superuser”, “is_managed”, “is_password_expired”, “last_password_change”, “session_nonce”, “date_joined”, “last_active”) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) RETURNING “auth_user”.“id”

but when I log in using the email, it gave this: "CSRF Verification Failed
A required security token was not found or was invalid.

If you’re continually seeing this issue, try the following:

Clear cookies (at least for Sentry’s domain).
Reload the page you’re trying to submit (don’t re-submit data).
Re-enter the information, and submit the form again.
Read more about CSRF on Wikipedia."

I’ve tried the password recovery page; it’s the same error.

Also tried with non-existing username, same error.

Docker log for web container shows no error.

Tried with both Safari and Chrome.

Never mind. I’ve found the problem. “SENTRY_USE_SSL” set to ‘1’ was the problem.

I hit the same problem as @jaltek – it seems like the root URL field should trim trailing slashes or the template should do urljoin(root, endpoint) to normalize the paths.
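
An added example (not part of the thread, and not code from Sentry or the PHP SDK) of the normalization suggested above: building the DSN from a root URL with a trailing slash, with and without trimming, and a check that flags a DSN whose path would send events to the wrong URL. The function names, the placeholder keys `pub`/`sec`, and the way the store path is derived from the DSN are assumptions modelled on the DSN and log line shown in the thread.

```python
from urllib.parse import urlsplit


def build_dsn(root_url, public_key, secret_key, project_id, normalize=True):
    """Build a DSN of the form scheme://public:secret@host[/prefix]/project_id."""
    root = urlsplit(root_url)
    prefix = root.path
    if normalize:
        # Drop empty segments so a trailing slash on the root URL cannot
        # leave "//" in front of the project id.
        segments = [s for s in prefix.split("/") if s]
        prefix = "/" + "/".join(segments) if segments else ""
    return f"{root.scheme}://{public_key}:{secret_key}@{root.netloc}{prefix}/{project_id}"


def store_path(dsn):
    """Path a client POSTs events to (assumed model: prefix + /api/<id>/store/)."""
    prefix, _, project_id = urlsplit(dsn).path.rpartition("/")
    return f"{prefix}/api/{project_id}/store/"


def dsn_problems(dsn):
    """Return a list of reasons a DSN would send events to the wrong URL."""
    parts = urlsplit(dsn)
    segments = parts.path.split("/")[1:]
    problems = []
    if not parts.username:
        problems.append("missing public key")
    if "" in segments:
        problems.append("empty path segment (doubled or trailing slash)")
    if not segments or not segments[-1].isdigit():
        problems.append("path does not end in a numeric project id")
    return problems


if __name__ == "__main__":
    # Constructed sample values: root URL from the thread, placeholder keys.
    for normalize in (False, True):
        dsn = build_dsn("http://foo.bar.local:9000/", "pub", "sec", 2, normalize)
        print(dsn, "->", store_path(dsn), dsn_problems(dsn) or "ok")
```

Running `dsn_problems` on the DSN before handing it to the client turns the opaque 403 into a configuration error that names the doubled slash.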

Hi, we also spent too much time trying to find out what’s wrong until we noticed the missing “/”. Would it be possible to respond with some message that makes it more clear what’s wrong? Why does it complain about CSRF?