Access is denied. Invalid CSRF token 403
72 views
Skip to first unread message
Danil Doroshenko
Sep 25, 2024, 12:08:30 PM9/25/24
to DSpace Technical Support
Hello, face this problem when try to login or register, or doing anything on UI. Double checked all configs 10 times, have zero idea, how to solve it.
local.cfg:
dspace.server.url = https://devessuir.sumdu.edu.ua/server
# Public URL of DSpace frontend (Angular UI). May require a port number if not using standard ports (80 or 443)
# DO NOT end it with '/'.
# This is used by the backend to provide links in emails, RSS feeds, Sitemaps, etc.
# NOTE: this URL must be accessible to all DSpace users (should not use 'localhost' in Production).
# It corresponds to the URL that you would type into your browser to access the User Interface.
dspace.ui.url = https://devessuir.sumdu.edu.ua
config.prod.yml:
ui:
ssl: false
host: localhost
port: 4000
nameSpace: /
# This example is valid if your Backend is publicly available at https://api.mydspace.edu/server/
# The REST settings MUST correspond to the primary/public URL of the backend. Usually, this means they must be kept in sync
# with the value of "dspace.server.url" in the backend's local.cfg
rest:
ssl: true
host: devessuir.sumdu.edu.ua
port: 8443
nameSpace: /server
All runned on HTTPS by LetsEncrypt certificates, backend accesible 24/7 on https://devessuir.sumdu.edu.ua, frontend shut downed. On backend I can login via Hal browser, but on frontend this problem 403
local.cfg:
dspace.server.url = https://devessuir.sumdu.edu.ua/server
# Public URL of DSpace frontend (Angular UI). May require a port number if not using standard ports (80 or 443)
# DO NOT end it with '/'.
# This is used by the backend to provide links in emails, RSS feeds, Sitemaps, etc.
# NOTE: this URL must be accessible to all DSpace users (should not use 'localhost' in Production).
# It corresponds to the URL that you would type into your browser to access the User Interface.
dspace.ui.url = https://devessuir.sumdu.edu.ua
config.prod.yml:
ui:
ssl: false
host: localhost
port: 4000
nameSpace: /
# This example is valid if your Backend is publicly available at https://api.mydspace.edu/server/
# The REST settings MUST correspond to the primary/public URL of the backend. Usually, this means they must be kept in sync
# with the value of "dspace.server.url" in the backend's local.cfg
rest:
ssl: true
host: devessuir.sumdu.edu.ua
port: 8443
nameSpace: /server
All runned on HTTPS by LetsEncrypt certificates, backend accesible 24/7 on https://devessuir.sumdu.edu.ua, frontend shut downed. On backend I can login via Hal browser, but on frontend this problem 403
DSpace Technical Support
Oct 3, 2024, 12:31:50 PM10/3/24
to DSpace Technical Support
Hi,
This "Invalid CSRF Token" error is a common installation issue that we describe solutions to in our "Common Installation Issues" guide: https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-%22403Forbidden%22errorwithamessagethatsays%22Accessisdenied.InvalidCSRFToken%22
This "Invalid CSRF Token" error is a common installation issue that we describe solutions to in our "Common Installation Issues" guide: https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-%22403Forbidden%22errorwithamessagethatsays%22Accessisdenied.InvalidCSRFToken%22
It is usually the result of a misconfiguration as described in that guide. Based on what you've shared, it might be the fact that your "config.prod.yml" shows the "rest" setting on port 8443, but your "local.cfg" on the backend does NOT have a port (which means it's using port 443). You may want to see if fixing those ports to be the same helps solve the problem.
Tim
Reply all
Reply to author
Forward
0 new messages