(Bug report) Invalid CSRF token after fresh docker installation

Open fengwang opened this issue 2 years ago • 6 comments

Trilium Version

0.60.4

What operating system are you using?

Other Linux

What is your setup?

Server access only

Operating System Version

Archlinux

Description

  1. Create a Docker container: mkdir trilium-data && chmod 777 trilium-data && docker run -d --name trilium -p 0.0.0.0:7582:8080 -v /data/Dockers/Trilium/trilium-data:/home/node/trilium-data --restart unless-stopped zadam/trilium:0.60.4
  2. Visit the web interface, set up as a new user with a password, and log in
  3. The web interface shows a gray background with the message 403 POST tree/load and Invalid CSRF token

Full log is attached within this issue.

fulllog.txt

Error logs

The docker logs give error messages such as

ERROR: Invalid CSRF token: gTy0zmzL-zDpCkMplqlGn6EfAwLnopIyKyLA, secret: zpN74Smky9YA4e1Okk1Ky3hNfqvtHPkk
Error: Invalid CSRF token
    at /usr/src/app/src/app.js:98:11
    at Layer.handle_error (/usr/src/app/node_modules/express/lib/router/layer.js:71:5)
    at trim_prefix (/usr/src/app/node_modules/express/lib/router/index.js:326:13)
    at /usr/src/app/node_modules/express/lib/router/index.js:286:9
    at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:346:12)
    at next (/usr/src/app/node_modules/express/lib/router/index.js:280:10)
    at /usr/src/app/node_modules/express/lib/router/index.js:646:15
    at next (/usr/src/app/node_modules/express/lib/router/index.js:265:14)
    at next (/usr/src/app/node_modules/express/lib/router/route.js:136:14)
    at Layer.handle_error (/usr/src/app/node_modules/express/lib/router/layer.js:67:12) {
  status: 403
}
JS Error: 403 POST tree/load - Invalid CSRF token
Stack: Error
    at Object.N [as logError] (http://10.147.19.201:7582/assets/v0.60.4/app-dist/desktop.js:2:103948)
    at Object.throwError (http://10.147.19.201:7582/assets/v0.60.4/app-dist/desktop.js:2:89111)
    at h (http://10.147.19.201:7582/assets/v0.60.4/app-dist/desktop.js:2:85051)
    at async Object.error (http://10.147.19.201:7582/assets/v0.60.4/app-dist/desktop.js:2:85367)
Generated CSRF token Y9LGRnOE-gQav_WJtdD7P_Rj0okHpm9rMUas with secret undefined

fengwang, Aug 19 '23 01:08

Please note that I encountered this or the same problem with many versions, from 0.58.6 to the latest.

fengwang, Aug 19 '23 01:08

I have also noticed this when accessing via the macOS Electron app. When it starts, I get that error. I then close the windows and select "New" from the menu and it opens fine.

[UPDATE] I should add that I am using Trilium via the Electron app and the server is not yet using HTTPS, so this may be contributing to the issue.

sottey, Aug 23 '23 00:08

I tested the exact command on Ubuntu and it works fine. I wonder what's the differentiating factor here, Arch or perhaps browser, some browser (privacy) extension? I assume there isn't any reverse proxy at play, but perhaps something else configured in the network stack?

zadam, Aug 29 '23 20:08

Hi @zadam, many thanks for looking into this issue. I created the docker container on a server in my LAN, and visit it remotely from my laptop using a ZeroTier network. Could this setup be a problem?

Update: On my laptop, I executed the same command to bring up a docker container, visited it at the localhost IP 127.0.0.1, and everything works as expected. I guess this problem is related to the remote web visit.

fengwang, Sep 05 '23 20:09

I often get this when going back to a previously-opened Trilium tab on Firefox on Android. Seems the tab process ends, and is restored / the page reloaded upon going back to the tab. Unsure of the timing involved; in my encounters it's in the realm of hours. I'll try to get logs next time it happens.

YodaDaCoda, Jun 02 '24 07:06

Getting the same error, using either the desktop app or the web interface. The only way I've found to get access again is to clear the site cookies.

I haven't sat down and found a consistent way to reproduce the issue. Right now it seems to happen when I've been updating notes, then shutting down the computer for the day, and the next day the issue often appears.

Running TriliumNext (same issue running Trilium) in Docker, behind a Traefik proxy.

Edit: Using Brave Browser on Windows, or the TriliumNext Desktop app, also on Windows.

networks:
  proxy:
    external: true

services:
  triliumNext:
    image: triliumnext/notes:latest
    container_name: triliumNext
    hostname: real-hostname
    restart: unless-stopped
    environment:
      - TZ=UTC
      - USER_UID=12345
      - USER_GID=12345
    volumes:
      - /home/user/.local/share/triliumNext-data:/home/node/trilium-data
    networks:
      proxy:
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.rtr-triliumNext.entryPoints=https
      - traefik.http.routers.rtr-triliumNext.rule=Host(`sub.domain.tld`) && ClientIP(`192.0.2.0/24`)
      - traefik.http.services.svc-triliumNext.loadBalancer.server.scheme=http
      - traefik.http.services.svc-triliumNext.loadBalancer.server.port=8080
      - traefik.http.routers.rtr-triliumNext.service=svc-triliumNext

briped, Oct 12 '24 15:10