[NOOB] CSRF check failed. [SOLVED] => ReInstall

Started by MarieSophieSG, October 11, 2024, 12:10:30 PM

October 12, 2024, 01:41:23 AM #15 Last Edit: October 12, 2024, 08:02:38 PM by MarieSophieSG
Quote from: cookiemonster on October 12, 2024, 12:07:28 AM
Previous:
> On all 5 clients all at the same time ?
No, these web dev tools are useful to delete specific cookies and to analyse the browser-server conversation. Just the one machine being used to diagnose is sufficient.

Sorry, my meaning was about the suggestion that it could be a client-side problem rather than central OPNsense; my reaction was: On all five clients at the same time? (if it was a cookie or browser problem)

Anyway, as I SSH'd reboot, which was refused, and even opt. 5 OFF, so I hard switched it off and I just took the box out of its shelf, went back to the workbench, screen+keyboard => reinstall

I saw many weird messages at first, and a long time hanging, ClamAV was still installed and running (despite being removed from the GUI), etc., so that convinced me to do a fresh reinstall

Much quicker than the first, on the user side :-p

Now all access is back up and running ... I will do a backup right away in this "stock running" state, and then I will resume my attempt to have all laptops accessing both NAS, as by default LANs don't communicate with each other
Hunsn RS39 (N5105, 4x i225) 24.7.5_0 testing
LAN1 = swtch1 Laptop1 MX23, NAS, Laptop2 Win10
LAN2 = WiFi router AP, Laptop2, tablet, phone, printer, IoT, etc.
LAN3 = Swtch2 Laptop3 Suse; Laptop4 Qube-OS/Win10, printer
Pretending to be tech Savvy with a HomeLab :-p

While going through all the set-up, I saw:
Enable HTTP Strict Transport Security
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking.


And

Disable HTTP_REFERER enforcement check
When this is unchecked, access to the web GUI is protected against HTTP_REFERER redirection attempts. Check this box to disable this protection if you find that it interferes with web GUI access in certain corner cases such as using external scripts to interact with this system. More information on HTTP_REFERER is available from Wikipedia.


Which I may have triggered in the previous config, not sure but it rings a bell, I think I did the first, HSTS ...
Could that be the reason?

Yes, I was going to suggest changing that as a test, but it was a chicken-and-egg situation.
Glad you're fine again.

I have the same problem. Latest OPNsense on a Hyper-V installation and it crashes everything. When I try to log in to the admin panel I get:
CSRF check failed. Your form session may have expired, or you may not have cookies enabled.
I have an old version of OPNsense on a second VM and never get this error...
Any idea?

Your browser opens a cached page with the wrong CSRF token. Just flush your cache.


Cheers,
Franco
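
The cached-page failure described in the last reply, as an added example that is not part of the thread and not OPNsense's own code: a simplified model of a session-bound CSRF token check, showing why a form served from the browser cache is rejected until the page is fetched again. The `Gui` and `Session` classes and all their method names are assumptions made for illustration.

```python
import hmac
import secrets


class Session:
    """Server-side session with the CSRF token issued for it (assumed model)."""
    def __init__(self):
        self.id = secrets.token_hex(16)
        self.csrf_token = secrets.token_urlsafe(32)


class Gui:
    """Hypothetical web GUI that embeds the session's token in every form."""
    def __init__(self):
        self.sessions = {}

    def render_form(self, cookie=None):
        # Reuse the session named by the cookie, or start a new one.
        session = self.sessions.get(cookie)
        if session is None:
            session = Session()
            self.sessions[session.id] = session
        return session.id, session.csrf_token  # (cookie, hidden form field)

    def submit(self, cookie, form_token):
        session = self.sessions.get(cookie)
        if session is None or not form_token:
            return "CSRF check failed"  # expired session or missing cookie
        # Constant-time comparison of the form token with the session's token.
        if not hmac.compare_digest(session.csrf_token, form_token):
            return "CSRF check failed"
        return "ok"

    def drop_sessions(self):
        # Models sessions being lost on the server side (restart, expiry).
        self.sessions.clear()


def demo():
    gui = Gui()
    cookie, cached_token = gui.render_form()       # page lands in browser cache
    before = gui.submit(cookie, cached_token)      # token matches the session
    gui.drop_sessions()
    stale = gui.submit(cookie, cached_token)       # old cookie, cached form
    new_cookie, new_token = gui.render_form()      # server issues a new session
    mixed = gui.submit(new_cookie, cached_token)   # new cookie, cached form
    reloaded = gui.submit(new_cookie, new_token)   # form fetched from server
    return before, stale, mixed, reloaded


if __name__ == "__main__":
    print(demo())
```
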