CSRF errors

Issue #732 duplicate
Former user created an issue

I installed Monit on a Raspberry Pi B+ following the instructions (https://www.domoticz.com/wiki/Monitoring_domoticz).

The website monitor-settings in /etc/monit/monitrc are:


set httpd port 2812 and allow admin:monit # require user 'admin' with password 'monit'


and monitor-setting for Domoticz-pid are:

check Domoticz

check process domoticz with pidfile /var/run/domoticz.pid
    start program = "/etc/init.d/domoticz.sh start"
    stop program = "/etc/init.d/domoticz.sh stop"
    if failed url http://127.0.0.1:8080/json.htm?type=command&param=getversion
        and content = '"status" : "OK"'
        for 2 cycles
    then restart


I can enter the Monit website, but if I want to start, stop or restart the service, an error occurs: FORBIDDEN Invalid CSRF Token.

Logfile output:

[CEST Apr 4 14:03:12] error : HttpRequest: access denied -- client [192.168.178.225]: no CSRF token in cookie
[CEST Apr 4 14:03:12] error : HttpRequest: error -- client [192.168.178.225]: HTTP/1.0 403 Invalid CSRF Token.

Cookies are enabled.

Can you help to explain the problem and how to solve it?

Thanks, Paul

Comments (8)

  1. Tildeslash repo owner

    Please upgrade monit, the problem was fixed in monit 5.21.0:

    Fixed: Issue #495: Position independent CSRF cookie value.
    
  2. Valerio Ammendola

    Hi, I'm on a Raspberry Pi 3B+ too, and if I do apt-get update and then apt-get install monit I'm still getting the same version 5.20.

    How can I update?

    Thanks!

    EDIT: If I clear all my cookies for my domain it works, but I still would like to upgrade to the latest version!

  3. Valerio Ammendola

    @tildeslash thanks for that. There are no installation instructions in that binary package.

    Should I just replace the executable, conf and man files?

  4. Tildeslash repo owner

    @thunder2k it is sufficient to replace just the monit executable. Note that some packages use a non-standard configuration file path, the default is /etc/monitrc ... if your package uses for example /etc/monit/monit.conf, just create a link to /etc/monitrc, so both the original package and the pre-built binary can find the configuration.

  5. Valerio Ammendola

    @tildeslash I've merged the monitrc file with my old one, so I kept my config with the new comments in case I want to enable them in the future. My package was pointing to the /etc/monit/monitrc file, so no need to link it. I've replaced the executable in /usr/bin and relaunched now. Everything seems to work fine, thanks!! One question: why do the new Read/Write columns always display 0 B/s? Are they always displayed even if no test is set up on them?

  6. Tildeslash repo owner

    @thunder2k yes, the read/write statistics are displayed for processes and filesystems, even if 0.
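
The changelog entry quoted in the first comment ("Position independent CSRF cookie value") and the report that clearing the domain's other cookies makes the error disappear are consistent with a token lookup that depends on where the cookie sits in the Cookie header. As an added example, not Monit's code and not posted by anyone in this thread, here is a lookup that only matches the first cookie beside one that scans every pair; the cookie name `csrftoken` and the sample headers are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical cookie name for this example; not taken from Monit's source. */
#define CSRF_COOKIE "csrftoken"

/* Position-dependent lookup: succeeds only when the token is the first cookie. */
static int token_first_only(const char *hdr, char *out, size_t outlen) {
    size_t n = strlen(CSRF_COOKIE);
    if (strncmp(hdr, CSRF_COOKIE "=", n + 1) != 0) return 0;
    size_t len = strcspn(hdr + n + 1, ";");
    if (len == 0 || len >= outlen) return 0;
    memcpy(out, hdr + n + 1, len);
    out[len] = '\0';
    return 1;
}

/* Position-independent lookup: walks every "name=value" pair in the header. */
static int token_anywhere(const char *hdr, char *out, size_t outlen) {
    size_t n = strlen(CSRF_COOKIE);
    for (const char *p = hdr; *p; ) {
        while (*p == ' ' || *p == ';') p++;      /* skip pair separators */
        size_t pair = strcspn(p, ";");           /* length of this pair */
        if (pair > n && strncmp(p, CSRF_COOKIE, n) == 0 && p[n] == '=') {
            size_t len = pair - n - 1;           /* exact name match only */
            if (len == 0 || len >= outlen) return 0;
            memcpy(out, p + n + 1, len);
            out[len] = '\0';
            return 1;
        }
        p += pair;
    }
    return 0;
}

/* Returns 1 when lookup f extracts exactly the token `want` from `hdr`. */
typedef int (*lookup_fn)(const char *, char *, size_t);
static int finds(lookup_fn f, const char *hdr, const char *want) {
    char buf[64];
    return f(hdr, buf, sizeof buf) && strcmp(buf, want) == 0;
}

int main(void) {
    const char *hdr = "theme=dark; csrftoken=abc123; lang=en"; /* constructed */
    printf("first-only: %d\n", finds(token_first_only, hdr, "abc123"));
    printf("anywhere:   %d\n", finds(token_anywhere, hdr, "abc123"));
    return 0;
}
```

With another cookie ahead of the token, the first-only lookup reports no token while the scanning lookup finds it, which matches the symptom going away once the other cookies are cleared.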
