"CSRF verification failed. Request aborted" poor substitute for "Attempt to set cookie failed"

Status
Not open for further replies.
MMacD

MMacD

Explorer
Joined
Dec 12, 2014
Messages
55
I tried to post this as a bug, but the system hasn't sent me my verification mail, so here I am.

Trying to log in, I got a "CSRF verification failed. Request aborted" message. Thinking it was a referrer-header problem per the message, I fooled around with that awhile without success. Then I wondered whether it could be a bad error message and the real problem is that I won't let it set a cookie (I permit cookies on a per-site basis and it's really remarkable how many sites emit misleading error messages when thwarted).

Sure enough, that's what the problem was: there was nothing wrong with the headers, FNAS just couldn't set a cookie.
 
D

dlavigne

Guest
That's not actually a bug, FreeNAS does expect a cookie...

BTW, I activated your account if you need to create a bug report in the future.
 
MMacD

MMacD

Explorer
Joined
Dec 12, 2014
Messages
55
dlavigne said:
That's not actually a bug, FreeNAS does expect a cookie...
Click to expand...

But shouldn't the inability to set the cookie produce a "can't set my cookie" error rather than a "CSRF verification" error? I'd never seen a "CSRF verification" error before, and had to look up what it means - whence my 20-30 minutes trying to puzzle out why it didn't like the headers it was getting.

Thanks for setting up my bugs account. Since you're on staff, I won't post this as a bug if it'll just get closed as NAB.
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
A better error message might be worth pointing out in a bug report.
 
jgreco

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
One of the nicest things about the ASRock IPMI web interface was that it validated all the requirements to successfully launch the service.
 
MMacD

MMacD

Explorer
Joined
Dec 12, 2014
Messages
55
I decided I'd post the bug anyway and let the dev team NAB it if they like. But...[sigh]

Could someone with privs please fix my mail address in my bugs account. The numeric part should be 65535 (one short of 2**16). Somehow I suspect that typo may have played a part in my not receiving the verification message :rolleyes:

Tack så mycke.
 
D

dlavigne

Guest
It says that email has already been taken. Do you have a second account? If so, I can delete the incorrect one.
 
Status
Not open for further replies.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: ""CSRF verification failed. Request aborted" poor substitute for "Attempt to set cookie failed""

Similar threads

P
  • Locked
CSRF verification failed. Request aborted.
Replies
7
Views
5K
pkn
P
P
  • Locked
Web GUI login error "CSRF verification failed" after 9.3 Update, ssh login ok
Replies
6
Views
1K
sysfu
sysfu
A
  • Locked
"CSRF verification failed. Request aborted."
2
Replies
25
Views
8K
NFec
N
Ghwomb
  • Locked
CSRF verification failed. Request aborted
Replies
7
Views
26K
Ghwomb
Ghwomb
sysfu
  • Locked
web gui logins fail when http referer header disable in browser
Replies
2
Views
2K
sysfu
sysfu
Top