gitea: Blank page with "Invalid csrf token."
- Gitea version (or commit ref): 1.13.0
- Git version: 2.25.1
- Operating system: Ubuntu Server 20.04
- Database (use
[x]):- PostgreSQL
- MySQL
- MSSQL
- SQLite
- Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL)
- No
- Haven’t tried
- Log gist: N/A
Description
When clicking buttons or adding comments in issues I often see a blank page saying Invalid csrf token., which I had to work around using a refresh and a re-click, which has problems such as losing text already typed up in the comments. This could be related to me using a lot of tabs.
Issues that this might be related to are:
- #4311: seems very similar, but locked so no discussion can be continued. Don’t quite understand how it is closed as #11182 doesn’t seem to be solution to this page appearing and proposes to log out instead (why though and how does it make things better?).
- #11188: proposes switching to
SameSite=strictcookies instead, which seem to be able to fix this issue. Still filling this issue since this is not what a user might expect so should be better categorized as a bug than a proposal. Also, fixing this issue doesn’t directly necessitate using #11188 and other fixes might be possible.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 16 (8 by maintainers)
I just created a fresh installation of
v1.14.1and am seeing theInvalid csrf token.message every time there is a POST request. Interestingly this only happens with firefox 86 but not with chromium 89. In contrast to the other reports, refreshing the page does not fix this.EDIT: what fixed the problem for me was to clear all cookies and site data in the firefox preferences.
csrftokenhas an expired time. Most time it occurred because stay in an input page too long.