'CSRF verification failed' after switching to WSGI mode


#1

Hi, as recommended I’m using the WSGI mode for communication between Seahub and Nginx on my raspberry pi. I followed the official steps to switch from fastcgi. After the change the client is syncing with the server, but when I try to login via my web browser I get this error:


Forbidden (403)
CSRF verification failed. Request aborted.


I’m newbie and tried some solutions, but could not solve the problem. Can someone help me, please?

Many thanks!


#2

I have the same issue. I am using a custom port and I’m getting redirected to port 443 (i’m using SSL and HTTP2 with nginx).


#3

And did you run seahub service without fastcgi? I mean seahub.sh start instead of seahub.sh start-fastcgi


#4

Most definitely.

This is what my service looks like.

[Unit]
Description=Seafile hub
After=network.target seafile.service
#RequiresMountsFor=/mnt/iomegahdd/seafile-data

[Service]
# change start to start-fastcgi if you want to run fastcgi
ExecStart=/home/seafile/haiwen/seafile-server-latest/seahub.sh start
ExecStop=/home/seafile/haiwen/seafile-server-latest/seahub.sh stop
User=seafile
Group=seafile
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

#5

And logs saying what? NGinx access, seafile, seahub …


#6

Nothing in nginx error log. Access log says this:
192.168.1.70 - - [17/Oct/2017:06:26:54 +0000] "GET / HTTP/2.0" 302 191 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0"


#7

I fixed it by doing the following in my nginx config:

location / {
proxy_pass          http://127.0.0.1:8000;
proxy_set_header    Host $host:CUSTOMPORT;

Replace CUSTOMPORT with the port you’re running your nginx on.


#8

Amazing, that worked, thank you so much!


#9

Hi, we’re running on apache, having the same error, just upgraded to Seafile Pro 6.3.4 so can’t use fcgi mode anymore, it works internally, in the office, however externally we use HAProxy on pfSense to access the seafile server, and we get the 403 forbidden as above, sorry to hijack this post, just hoping someone who sorted it was able to know what to do in apache for this!


#10

Okay managed to sort this.
To anyone in the rare case of using pfSense and HAProxy here’s what:
On the backend for Seafile, add a new custom acl with the settings
Name: seafileserver
Expression: Custom acl
Not: leave unchecked
Value: ssl_fc

then add a custom action:
Action: custom
ACL name: seafileserver
customaction: reqadd X-Forwarded-Proto:\ https

then the

Forbidden (403)

CSRF verification failed. Request aborted.

More information is available with DEBUG=True.

error will go (trying to make this solution as searchable as possible!)