notea-org / notea

📒 Self hosted note taking app stored on S3

Invalid CSRF Token

diminou91 opened this issue · comments

Hi there,

I wanted to try out notea to see if it fits my needs, everything is (or seems to be) set up correctly.

I get "Incorrect password" on login, even though it is the correct one.

Logs are throwing :

```
{
  name: 'API_ERR_INVALID_CSRF_TOKEN',
  message: 'Invalid CSRF token',
  status: 401,
  stack: 'API_ERR_INVALID_CSRF_TOKEN: Invalid CSRF token\n' +
    '    at APIError.throw (/app/.next/server/chunks/841.js:163:19)\n' +
    '    at Array.useCsrf (/app/.next/server/chunks/841.js:93:49)\n' +
    '    at loop (/app/node_modules/next-connect/dist/index.cjs:69:47)\n' +
    '    at next (/app/node_modules/next-connect/dist/index.cjs:74:13)\n' +
    '    at /app/node_modules/next-iron-session/dist/index.js:137:7\n' +
    '    at processTicksAndRejections (node:internal/process/task_queues:96:5)'
}
```

Any idea to help me with this ? :)
Thanks!

Do you disable cookies?

No, I'm using the basic conf :

```
STORE_SECRET_KEY=
STORE_BUCKET=notea
STORE_END_POINT=http://localhost:9000
# Required
STORE_FORCE_PATH_STYLE=true
PASSWORD=
```

You can try to clone the project and run it locally.

Same issue.

I'm running minio on another machine, and it is not secure (no valid certs), could this be the culprit ?

Thanks

Have you set the PASSWORD? It is required.

Haha, yes I did! :)
I've even tried different ones just to make sure one char was not the culprit. Reverted back to "notea" but still "invalid password" and the same issue.

```
diminou@dockervm:~/notea$ docker run -d --name notea -p 3000:3000 -e STORE_ACCES_KEY=redacted -e STORE_SECRET_KEY=redacted -e STORE_BUCKET=notea -e STORE_END_POINT=http://192.168.1.28:9000 -e STORE_FORCE_PATH_STYLE=true -e PASSWORD=notea cinwell/notea
```

Is your website https? If not, you need to set COOKIE_SECURE=false.

Ha, that was it!
Thanks for your help :) I was reading the readme again and again and I missed it every time... sorry :D

No problem.

I updated the example in the readme, it should be clearer now.
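
The failure mode resolved in this thread, as an added example that is not part of the thread or of Notea's code: a cookie marked `Secure` is discarded by the browser when the page is served over plain HTTP, so the follow-up login request carries no session for the CSRF check to match. The cookie name and value and the `http://dockervm:3000` URL are constructed, and that Notea's CSRF check depends on the session cookie is an assumption drawn from the stack trace.

```javascript
// Added example, not Notea's code. Cookie names, values and URLs are constructed.

// Parse one Set-Cookie header value into { name, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? '' : pair.slice(0, eq), attrs };
}

// Simplified model: only https: counts as secure. Some browsers also accept
// Secure cookies on http://localhost; pass trustLoopback=true to model that.
function isSecureContext(pageUrl, trustLoopback = false) {
  const u = new URL(pageUrl);
  if (u.protocol === 'https:') return true;
  return trustLoopback && ['localhost', '127.0.0.1', '[::1]'].includes(u.hostname);
}

// For each Set-Cookie header, report whether the browser will keep the cookie.
function diagnoseCookies(pageUrl, setCookieHeaders, trustLoopback = false) {
  const secure = isSecureContext(pageUrl, trustLoopback);
  return setCookieHeaders.map((h) => {
    const { name, attrs } = parseSetCookie(h);
    const dropped = attrs.secure === true && !secure;
    return {
      name,
      stored: !dropped,
      reason: dropped
        ? 'Secure cookie set over plain HTTP: browser discards it, next request has no session'
        : 'ok',
    };
  });
}

// Constructed responses: Secure flag on (the thread's failing setup) vs. COOKIE_SECURE=false.
const withSecure = ['session=constructed-value; Path=/; HttpOnly; Secure; SameSite=Lax'];
const withoutSecure = ['session=constructed-value; Path=/; HttpOnly; SameSite=Lax'];
console.log(diagnoseCookies('http://dockervm:3000/login', withSecure));
console.log(diagnoseCookies('http://dockervm:3000/login', withoutSecure));
```

`COOKIE_SECURE=false` fits a plain-HTTP setup like the one in this thread; when the site is served over HTTPS the `Secure` flag can stay on.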