
Wrong CSRF workflow

Open Kavernes opened this issue 2 years ago • 2 comments

Dear,

I recently deployed this project in my environment. The deployment was successful: I could send and receive tickets through the SMTP email account I configured. I haven't customized the configuration yet (no HTTPS, and I use the nginx proxy provided in the docker-compose.yml).

My problem is that when I try to log in I get a "CSRF Verification Failed". After going through the many posts on that matter, I realized that it is not my issue.

After looking in detail at the workflow (using Burp Suite), I managed to observe this behavior:

1. GET / => response contains the header "CSRF-TOKEN: <CSRF1>"
2. POST /api/v1/signshow => response contains the header "CSRF-TOKEN: <CSRF2>"
3. POST /api/v1/signin with request header "X-CSRF-Token: <CSRF2>" => response "CSRF validation failed"

I tried intercepting request (3) and changing the X-CSRF-Token to <CSRF1>, and it works fine... I attached some Burp screenshots.

Thanks for your help.

(Attached screenshots: Req1, Req2, Req3_Orig, Req3_Modif)

Kavernes, May 18 '22 02:05
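The three-step exchange above, turned into a small replay script that does what the Burp manipulation did: fetch GET /, call /api/v1/signshow, then try /api/v1/signin with the token from each response and report which one the server accepts. This is an added example, not code from the issue or from Zammad. It assumes the request and response shapes described in the report (a CSRF-TOKEN response header, an X-CSRF-Token request header) and a JSON signin body with username and password; the `ReportedBehaviour` class is a constructed stand-in that models only the symptom the reporter saw, not Zammad's actual server code.

```python
"""Replay the GET / -> signshow -> signin exchange and test both CSRF tokens.

Added example for the issue thread; not Zammad code. Header names and the
signin body are assumed from the report.
"""
import json
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple

Response = Tuple[int, Dict[str, str], str]          # (status, headers, body)
Transport = Callable[[str, str, Dict[str, str], Optional[dict]], Response]


def header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def urllib_transport(base_url: str) -> Transport:
    """Real transport for a live instance: one cookie jar for the whole exchange,
    so the session cookie set by the first response is sent back on later requests."""
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor())

    def send(method: str, path: str, headers: Dict[str, str], body: Optional[dict]) -> Response:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            base_url.rstrip("/") + path, data=data, method=method,
            headers={"Content-Type": "application/json", **headers},
        )
        try:
            with opener.open(req, timeout=10) as resp:
                return resp.status, dict(resp.headers), resp.read().decode(errors="replace")
        except urllib.error.HTTPError as err:      # a 401 still carries the headers we want
            return err.code, dict(err.headers), err.read().decode(errors="replace")

    return send


def replay_login(send: Transport, username: str, password: str) -> dict:
    """Steps 1-3 from the report, then signin retried with the token from step 1."""
    _, h1, _ = send("GET", "/", {}, None)
    csrf1 = header(h1, "CSRF-TOKEN")                 # step 1: token from GET /
    _, h2, _ = send("POST", "/api/v1/signshow", {}, {})
    csrf2 = header(h2, "CSRF-TOKEN")                 # step 2: token from signshow
    credentials = {"username": username, "password": password}  # assumed signin body
    outcome = {}
    for label, token in (("csrf2_from_signshow", csrf2), ("csrf1_from_get_root", csrf1)):
        status, _, _ = send("POST", "/api/v1/signin",
                            {"X-CSRF-Token": token or ""}, credentials)  # step 3 / Burp edit
        outcome[label] = status
    return {"csrf1": csrf1, "csrf2": csrf2, "signin_status": outcome}


class ReportedBehaviour:
    """Constructed stand-in for the server as the reporter observed it: GET /
    hands out CSRF1, signshow hands out a different CSRF2, but signin only
    accepts CSRF1. It models the symptom only; it is not how Zammad is written."""

    def __init__(self) -> None:
        self.accepted: Optional[str] = None
        self.counter = 0

    def __call__(self, method: str, path: str, headers: Dict[str, str], body: Optional[dict]) -> Response:
        self.counter += 1
        token = f"token-{self.counter}"           # a fresh token on every response
        if path == "/":
            self.accepted = token                 # only this one is ever honoured
            return 200, {"CSRF-TOKEN": token}, "<html></html>"
        if path == "/api/v1/signshow":
            return 200, {"CSRF-TOKEN": token}, json.dumps({"session": {}})
        if path == "/api/v1/signin":
            if header(headers, "X-CSRF-Token") == self.accepted:
                login = (body or {}).get("username")
                return 201, {"CSRF-TOKEN": token}, json.dumps({"session": {"login": login}})
            return 401, {"CSRF-TOKEN": token}, json.dumps({"error": "CSRF token verification failed!"})
        return 404, {}, ""


if __name__ == "__main__":
    # Usage: python replay.py http://zammad.example:8080 user password
    # With no arguments the constructed model is replayed instead of a live host.
    if len(sys.argv) == 4:
        transport = urllib_transport(sys.argv[1])
        result = replay_login(transport, sys.argv[2], sys.argv[3])
    else:
        result = replay_login(ReportedBehaviour(), "admin", "secret")
    print(json.dumps(result, indent=2))
```

Against a live instance, a 401 for `csrf2_from_signshow` and a 2xx for `csrf1_from_get_root` reproduces the report. Two caveats a tester should keep in mind: the first failed signin may itself rotate the token, so replaying both attempts in one session is an approximation of swapping the header in Burp, and because the client keeps one cookie jar, a difference between this script and the browser points at whatever sits between them (here the nginx proxy) rather than at the application.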

Hey everybody,

very similar here. I migrated the system to another server. The "First Steps" run works, but after importing the database I can't log in ("CSRF token verification failed!").

Is there a way to temporarily deactivate CSRF verification?

Best regards Gregor

ggruening, Jul 31 '22 20:07

> very similar here. I migrated the system to another server. The "First Steps" run works, but after importing the database I can't log in ("CSRF token verification failed!").

At the end I could solve it by adding the lines mentioned here to the compose stack.

Best regards Gregor

ggruening, Jul 31 '22 20:07

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot], Sep 30 '22 22:09