
[bug]: Forbidden (CSRF cookie not set.): /auth/sign-in/

Open jrndberg opened this issue 1 year ago • 7 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current behavior

Some users are getting this error when trying to sign in from Linux-based OSs.

Steps to reproduce

  • Go to login page
  • Log in
  • Get error

Environment

Production

Browser

Other

Variant

Self-hosted

Version

v0.22.0-stable

jrndberg avatar Jul 13 '24 19:07 jrndberg

@tbbkitty, can you check if the CSRF cookie is set when you enter the email?

pablohashescobar avatar Jul 15 '24 08:07 pablohashescobar

I was able to fix it by removing the port from CORS_ALLOWED_ORIGINS.

chillpert avatar Jul 17 '24 13:07 chillpert

> I was able to fix it by removing the port from CORS_ALLOWED_ORIGINS.

I never had a port assigned.


I think the issue is with inviting and only letting users register with an invite.

When one of my users who got this error tried to register again with the same credentials as they originally did, they were just signed right in like nothing happened and now they are able to log in again just fine.

jrndberg avatar Jul 17 '24 21:07 jrndberg

I receive this error when using a password manager (specifically 1Password) to autofill my sign-in information. It seems to submit too quickly, because if I just manually copy and paste, which is slower, I never get the error; however, if I use my password manager I always get it.

This should probably be a separate issue but I am unsure, let me know if so.

tcatlas avatar Jul 25 '24 16:07 tcatlas

I solved this by adding this to my nginx.conf, and I have CORS_ALLOWED_ORIGINS set:

            proxy_set_header X-Real-IP ${dollar}remote_addr;
            proxy_set_header X-Forwarded-For ${dollar}proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto ${dollar}scheme;

moiz-qureshi avatar Oct 12 '24 13:10 moiz-qureshi

Chiming in here to mention that I also run into this issue when letting the 1Password extension autofill the username/password combination right after each other.

When I first enter my email manually, hit enter to get to the password step, and only then let 1Password fill in the password it works fine though.

jordibeen avatar Nov 22 '24 14:11 jordibeen

Check for CORS_ALLOWED_ORIGINS environment variable. It should be http://... not https://.... When I changed it from https to http it worked.

tosh99 avatar Mar 18 '25 12:03 tosh99

> Check for CORS_ALLOWED_ORIGINS environment variable. It should be http://... not https://.... When I changed it from https to http it worked.

I have implemented this, but still got the errors. I've deployed the service using Docker Swarm + Traefik.

nyxsr avatar Aug 06 '25 23:08 nyxsr
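
Several comments above change the port or scheme in CORS_ALLOWED_ORIGINS. The following is an added example, not part of the thread and not Plane's code: it compares each configured entry with the origin a browser derives from the sign-in URL, so a port, scheme or spelling mismatch shows up before redeploying. It assumes the variable is a comma-separated list whose entries are matched as exact strings; `plane.example.com` and the sample values are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(value):
    """Serialize an origin as a browser does: lowercase, no path, default port dropped."""
    parts = urlsplit(value.strip())
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) origin: {value!r}")
    # urlsplit strips the brackets from IPv6 literals; put them back.
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    if parts.port in (None, DEFAULT_PORTS[parts.scheme]):
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{parts.port}"

def diagnose(allowed_csv, browser_url):
    """Classify each configured entry against the origin of the URL in the address bar."""
    target = normalize_origin(browser_url)
    want = urlsplit(target)
    report = {}
    for entry in filter(None, (e.strip() for e in allowed_csv.split(","))):
        try:
            norm = normalize_origin(entry)
        except ValueError:
            report[entry] = "invalid: not an http(s) origin"
            continue
        got = urlsplit(norm)
        if entry == target:
            report[entry] = "match"
        elif norm == target:
            # e.g. explicit default port, trailing slash or upper case
            report[entry] = "same origin, different spelling"
        elif got.hostname != want.hostname:
            report[entry] = "host differs"
        elif got.scheme != want.scheme:
            report[entry] = "scheme differs"
        else:
            report[entry] = "port differs"
    return report

# Constructed sample values; plane.example.com is a placeholder host.
SAMPLE_ALLOWED = ("https://plane.example.com:443, http://plane.example.com, "
                  "https://plane.example.com:8443, plane.example.com")
SAMPLE_URL = "https://plane.example.com/auth/sign-in/"

if __name__ == "__main__":
    for entry, verdict in diagnose(SAMPLE_ALLOWED, SAMPLE_URL).items():
        print(f"{entry:36} {verdict}")
```

Pass the URL exactly as it appears in the browser's address bar; behind a reverse proxy that can differ from the scheme and port the backend container itself listens on.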