CSRF error after update

Hi there,

I just followed the update howto step by step with no errors during updating (https://wiki.diasporafoundation.org/Updating#Updating_diaspora.2A_0.6_to_diaspora.2A_0.7). Everything seems to be fine but I can't log in. I get this error: "The CSRF token is invalid. Please sign in and try again."
Can anybody help?


This can have multiple reasons:

  1. You have a browser addon that blocks stuff. Please try it again with another browser without addons.
  2. You have misconfigured your server and added/removed some headers in your webserver?
  3. Your cookie is broken, this can be tested when you try it with another browser, or when you delete the cookies for your pod.

Hi Benjamin, and thanks for your hints. It was indeed topic 2 which directed me right. I disabled some headers and now it works as it should. What makes me a bit confused is that Diaspora v6.x worked fine with these headers even during some minor updates.


Diaspora upgraded to Rails 5.1, which was a big update. It is possible that Rails 5.1 validates more things than Rails 4.2 did.

I thought so myself at least - thanks again for your support.

Here it is 7 months later and I haven’t moved one inch on this problem. I went to the freenode #diaspora channel and someone directed me back here to post my Apache virtualhost config. Where would I post that to get feedback?
I got some advice about clearing the browser cache, which was irrelevant. The pod works using the FQDN accessing it with Internet Explorer and maybe some other browser I don’t know about. It also works using its LAN name or IP address. With those restrictions, it isn’t very easy to get anyone on using a pod.
Where would I post my virtualhost config to get some feedback on what will solve this problem?
Thanks much in advance.

Surprising, since you deleted your post from June 2020. :man_shrugging:

You can paste your Apache configs directly into a reply; use the code block to enclose it so that it stays readable.

Also, the hints from @supertux88 three years ago are still valid.

Also, I just noticed that if the URL in your profile is correct, you’re using Bitnami.

We do not support that, because their setup is frequently incredibly broken and deviates significantly from what we can support. In your case, you’re not even running the Ruby daemon and reverse-proxying, but instead your diaspora* runs on Phusion. We have absolutely no idea how Phusion works and how to debug that.

So either remove your current installation (keep the public/uploads folder, config/diaspora.yml, config/initializers/secret_token.rb, config/oidc_key.pem, and a database dump) and re-install diaspora* using our own installation documentation that we can support - or get in touch with the Bitnami support.

We’ve tried talking to them before to get them to build a setup that matches our guides. They were not interested and insisted that they know how to run diaspora* better than we do - so unfortunately we can’t really assist you here. There are just too many unknowns for us to even have a small chance of success.

Dennis, sorry, I probably don’t deserve the attention you are giving to my dilemma, even though it is kind of negative attention. When I have time, I will follow your advice above. I have too many other things going on right now. Sounds like you and whoever does this on Bitnami have a feud going on.

Thanks for these directions. They look doable.