Invalid CSRF Token

Create issue
Issue #535 duplicate
Former user created an issue

Getting this error every time I try and use any of the command buttons for a service being monitored by monit.

Pertinent part of the monit config:

set httpd port 2812 and use address 192.168.69.1 allow 192.168.69.0/24

This error only occurs if monit is bound to the 192.168.69.1 interface, which is a linux bridge interface (br0). If monit is bound to localhost and allow is set to localhost, no such error occurs. (But I have to use ssh tunnel to connect).

I tried adding a basic auth statement to the above config, but it appears to make no difference. :-(

Comments (6)

  1. Tildeslash repo owner

    Monit 5.20 add the CSRF protection using double-submit-cookie pattern.

    Please can you send screenshot of the error?

  2. Tildeslash repo owner

    Thank you for data. It could be related to issue #495, which is fixed in the development version already.

    Please can you test the development snapshot?

    wget https://bitbucket.org/tildeslash/monit/get/master.tar.gz
    tar -xzf master.tar.gz
    cd tildeslash*
    ./boostrap
    ./configure
    make
    
  3. Pol Isidor

    I compiled version 5.26 on Ubintu 18 x64 and I still have this error.

    Before I get this error pop-up window appear in firefox:

    Why?

    How to fix it?

  4. Log in to comment