"CSRF verification failed. Request aborted."

Status
Not open for further replies.
bob_v2

bob_v2

Dabbler
Joined
Nov 9, 2014
Messages
13
Thanks a lot.
After many others problems that was the last step and it works.
 
A

AndrewR

Cadet
Joined
Dec 14, 2014
Messages
1
Hasn't resolved it for me - after uploading the previous config the system reboots and I can't login. Need to try running the patch again via the shell and see if that fixes it..

Update- it has, hurrah!
 
Last edited:
bob_v2

bob_v2

Dabbler
Joined
Nov 9, 2014
Messages
13
I did it "by hand". I had to do it twice because the update erase it.
Like AlexF explain:

The patch is changing following line in /etc/local/rc.d/django
from:
if [ ${webguiproto} = "https" ]; then
to:
if [ ${webguiproto} = "https" -a ! -f /tmp/alert_invalid_ssl_nginx ]; then

Once modified and django restarted using "./django restart" (needing twice for some reason) I could login using HTTP.

As per 5.9. CAs, I created internal CA (System->CA) and then internal Certificate (System->Certificates) referencing forementioned internal CA; then changed Protocol to HTTPS (System ->General : Protocol) and rebooted.

Now can login using HTTPS. (Browser will complain because certificates is signed by non-trusted CA - you'll need to tell it to create an exception).

You can edit it with the shell directly on your NAS, or by ssh.
Follow ALL the steps:
1. log in (ssh or shell)
2. type " edit /etc/local/rc.d/django "
3. change the text as above "https" ]; then to "https" -a ! -f /tmp/alert_invalid_ssl_nginx ]; then
4. save it esc+enter
5. type " cd /etc/local/rc.d/ "
6. type " ./django restart "
7. type " ./django restart " yes twice
8. log in your nas http://you.local.nas.address
9. go to system
10. system ->CA create a CA
11. system-> certificates create a certificate
12. system -> general chose the certificate you just did
13. system -> general chose https
14. system -> general save
15. reboot


 
Ramboxman

Ramboxman

Explorer
Joined
Jun 20, 2013
Messages
63
Thanks I followed your steps exactly after pulling my hair out, and left a comment on the closed ticket #7049
This happen to me going from 9.2.1.8 to 9.3 after failed upgrade I did an iso install and uploaded my config. I even went to beta channel and had the same issue trying to access the webgui.
 
T

Teddy Petcu

Cadet
Joined
Dec 15, 2014
Messages
1
AlexF said:
The patch is changing following line in /etc/local/rc.d/django
from:
if [ ${webguiproto} = "https" ]; then
to:
if [ ${webguiproto} = "https" -a ! -f /tmp/alert_invalid_ssl_nginx ]; then

Once modified and django restarted using "./django restart" (needing twice for some reason) I could login using HTTP.

As per 5.9. CAs, I created internal CA (System->CA) and then internal Certificate (System->Certificates) referencing forementioned internal CA; then changed Protocol to HTTPS (System ->General : Protocol) and rebooted.

Now can login using HTTPS. (Browser will complain because certificates is signed by non-trusted CA - you'll need to tell it to create an exception).
Click to expand...

Have been working for me too, freenas 9.3 with uploaded configuration from 9.2.1.6, the patch, thanks
 
N

NFec

Cadet
Joined
Sep 16, 2012
Messages
1
Hi there,

I had the same issue and the fix described in this forum and even the altered one in the bug report did not help me to get the system back to a state so that I was able to log on using the GUI.
But finally I found a solution, because some lines below the mentioned code in the /etc/local/rc.d/django I found something interesting....

First of all my situation:
I updated my freenas installation via the GUI to the release 9.3-STABLE-201412301712

In this release the mentioned line from /etc/local/rc.d/django already looked like this:
Code:
if [ ${webguiproto} = "https" -a ! -f /tmp/alert_invalid_ssl_nginx ]; then

so altering this line was not necessary any more, but below that line inside the IF statement found two lines with echo command to force COOKIE secure and CSRF..., so I changed them from:
Code:
if [ ${webguiproto} = "https" -a ! -f /tmp/alert_invalid_ssl_nginx ]; then
            echo "SESSION_COOKIE_SECURE = True" >> ${django_config}
            echo "CSRF_COOKIE_SECURE = True" >> ${django_config}
        fi

to
Code:
if [ ${webguiproto} = "https" -a ! -f /tmp/alert_invalid_ssl_nginx ]; then
            echo "SESSION_COOKIE_SECURE = False" >> ${django_config}
            echo "CSRF_COOKIE_SECURE = False" >> ${django_config}
        fi

after that change I restarted django two times (maybe doing it once is enough...):
Code:
/etc/local/rc.d/django restart


Afterwards I used my default browser (Firefox) to log on without deleting any cookies or even closing sessions...

Next I try to fix HTTPS use... lets see.
 
Status
Not open for further replies.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: ""CSRF verification failed. Request aborted.""

Similar threads

P
  • Locked
CSRF verification failed. Request aborted.
Replies
7
Views
5K
pkn
P
Ghwomb
  • Locked
CSRF verification failed. Request aborted
Replies
7
Views
26K
Ghwomb
Ghwomb
R
  • Locked
uploading config after failed update
Replies
3
Views
1K
dlavigne
D
R
  • Locked
problème d'accès à Freenas par internet sous windows 8
Replies
0
Views
2K
Roban
R
P
  • Locked
Web GUI login error "CSRF verification failed" after 9.3 Update, ssh login ok
Replies
6
Views
1K
sysfu
sysfu
Top