Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

wrong csrf_token

Featured Replies

My syslog is overrun with wrong csrf_token errors generated from the unassigned devices plug in.  This starts immediately after reboot with only one web browser page open so the faq does not seem to be relevant:

https://forums.unraid.net/topic/46802-faq-for-unraid-v6/?do=findComment&comment=545988

 

It did not stop after uninstalling the plugin.

It did not stop after reboot after uninstalling the plugin.

There is no UnassignedDevices.php - at least in /boot/config/plugins/unassigned.devices

 

May 17 08:11:06 NAS root: error: /plugins/unassigned.devices/UnassignedDevices.php: wrong csrf_token
 

 

Edited by RadOD
add

  • Author
5 minutes ago, johnnie.black said:

Yes, thank you.  You might notice is you read the second sentence is that I have seen that.

 

However, as of right now I am only using one browser on one computer after a fresh reboot.  So do you mean I have to go find any and every instance of an open webpage on any computer I might have left open somewhere at any point in the past?  And any phone or tablet that has ControlR? Because this could cover a seriously lot of hardware and a lot of square miles to find!

  • Community Expert
2 minutes ago, RadOD said:

So do you mean I have to go find any and every instance of an open webpage on any computer I might have left open somewhere at any point in the past?  And any phone or tablet that has ControlR?

If it's running yes.

  • Author

netstat -vatn was able to find the source of the problem.  

 

Seems like there should be a server side solution to prevent this.  After a time a client anywhere with a bad CSRF token causes parts of Unraid to stop working - possibly from spamming the syslog. How does this work with multiple users?  Do administrators email all their users asking them to close their forgotten browswer tabs?

  • Community Expert
8 hours ago, RadOD said:

netstat -vatn was able to find the source of the problem.  

 

Seems like there should be a server side solution to prevent this.  After a time a client anywhere with a bad CSRF token causes parts of Unraid to stop working - possibly from spamming the syslog. How does this work with multiple users?  Do administrators email all their users asking them to close their forgotten browswer tabs?

Only the root user (i.e. Administrators) can successfully log into the Unraid Web GUI in the first place.

  • 5 months later...

I Tried what you said.  I got this:

 

Ignoring all the 0.0.0.0:

 

tcp        0      0 192.168.1.226:80        192.168.1.25:22943      ESTABLISHED
tcp        0      0 192.168.1.224:80        192.168.1.25:21784      ESTABLISHED
tcp        0      0 192.168.1.226:80        192.168.1.25:22443      ESTABLISHED
tcp        0      0 192.168.1.226:80        192.168.1.25:20441      TIME_WAIT  
tcp        0      0 192.168.1.226:80        192.168.1.25:22952      ESTABLISHED
tcp        0    824 192.168.1.226:80        192.168.1.25:22442      ESTABLISHED
tcp        0      0 192.168.1.226:80        192.168.1.25:22842      ESTABLISHED
tcp        0      0 192.168.1.226:445       192.168.1.25:22246      ESTABLISHED
tcp        0      0 192.168.1.226:80        192.168.1.25:22440      ESTABLISHED
tcp        0      0 192.168.1.226:80        192.168.1.25:22942      ESTABLISHED
tcp        0      0 192.168.1.226:80        192.168.1.25:22441      ESTABLISHED

 

*.226 is the server. as well as *.224 and some others-  it has 6 NICs in total, at least 4 in use, one for BMC, 1 10Gb Direct Connection (both included in that 4- so 2 on general LAN, 1 direct 10gb to my usual PC, and 1 BMC on the LAN - a server controller that goes to BIOS and not OS).

 

*.25 is my desktop.

 

so the question I have is- now what?  What do I do with this information.

 

Do I need to aggressively shut down all the other LAN connections?

 

*****

I should add- removing the plugin made things drammatically worse.  Way more errors.  

That error- which totally innundated the log and ensured I could do nothing else until this was fixed- was -

Nov 1 16:06:14 Unraid nginx: 2020/11/01 16:06:14 [error] 9257#9257: *36088 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.1.25, server: , request: "POST /plugins/unassigned.devices/UnassignedDevices.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "unraid.local", referrer: "http://unraid.local/Main"

For completeness, the error with it installed is:

Nov 1 16:14:46 Unraid root: error: /plugins/unassigned.devices/UnassignedDevices.php: wrong csrf_token

This is irritating.  And while not unfamiliar with linux, I am no pro, so I am out of my depth here.

Edited by AndyT86
additional information

Both of the errors are telling you that you have another browser tab (or device) actively sitting on the GUI for Unraid.  csrf is an important security feature, and are assigned randomly at each reboot of the server.

Thanks, I did figure it out.  I am not sure what worked.  But restarting the Client PC seemed to bag them all.  FWIW there were no visible tabs open than the one.  But there must have been something lingering.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.