CSRF verification failed. Request aborted

[Ghwomb]

First of all thanks for a fantastic product. It rekindled my passion for playing with server stuff by removing all the tedious parts and leaves me tinkering with the fun post-installation tweaks.

First the background
Previously I ran FreeNAS 9.1.1 without problems. Since there is no fun in running a setup that works flawlessly I decided to upgrade to 9.2-Beta2, if I remember correctly. It ran ok, but I had problems logging in. I had configured it to be HTTPS only, and I could only log in with a freshly rebooted machine. If I had logged in once and refreshed the GIU-tab or closed my browser (Iceweasel 23.0), then I had to reboot my server to be able to login again. So I upgraded to 9.2-RC1 to, hopefully, get rid of the problem. But before that I changed FreeNAS to accept logins from both HTTP and HTTPS.

My current problem
Now I have a nice install of 9.2.0-RC1, and I can't login to the GUI. If I connect to the HTTPS I get a connection failed message. If I connect via HTTP I get the "Welcome to FreeNAS 9.2.0" message and I can enter my username and password. But when I click login I get the following message:

Forbidden (403)

CSRF verification failed. Request aborted.
More information is available with DEBUG=True.

I have a hunch that my current woes is carried over from my previous problems. And, form what I can gather from Google, has something to do with the self-signed certificates FreeNAS provided me with, via the certificate generation utility in the GUI.

I can still connect via SSH via my Samba-user. But I can't use sudo or su to elevate my privileges. I can also connect via NFS, so I can still reach my files. I can, with a bit of difficulty, connect my FreeNAS to my TV and use a USB-keyboard so I can login as root, if that is needed.

 

[jgreco]

It is seeing a possible forgery attempt. Try a different browser, specifically one you never used to log in to the old FreeNAS.

 

[Ghwomb]

It is seeing a possible forgery attempt. Try a different browser, specifically one you never used to log in to the old FreeNAS.

Does not work with:

• Safari on iOS7
• LastPass-browser on iOS7
• Chrome on Android 4.4
• LastPass-browser on Android 4.4
• New install of Chromium on Debian testing
• As mentioned before; does not work on Iceweasel 23.0 on Debian testing.

Are you sure that is the problem? All browsers are unable to connect via HTTPS and get the same error on regular HTTP.

 

[Ghwomb]

It is seeing a possible forgery attempt. Try a different browser, specifically one you never used to log in to the old FreeNAS.

I can open up port 80 and try with ancient Red Hat releases with Firefox and Konqueror. And also with Explorer and Firefox under Windows 7. All those options I can try tomorrow at my school. But what should I do to make me able to login once I get home? Upgrade to the latest release candidate and hope for the best? Or is there a more correct solution?

 

[jgreco]

Dunno offhand. Maybe try a fresh install and work forward from there...

 

[Ghwomb]

If a solution does not appear before 9.2 is released, I'll reinstall then.

 

[sysfu]

I was able to resolve this issue on Opera 12.x by deleting all history, cache & cookies as well as removing the TLS cert for FreeNAS.
Preferences => Advanced => Security => Managed Certificates => Approved.

It seems that the redirect with the :443 appended to the hostname was part of the problem.

Once I zapped all browser history, the redirect with the :443 appended stopped happening and I was able to log in.

 

[Ghwomb]

I could log in one time if I restarted the server. So I restarted, logged in and changed the login to HTTP only. Then I upgraded the firmware to the latest version of FreeNAS. Since I have not had any trouble login in via HTTP I have left it at that. I only have SSH access to my server from outside my LAN. So I don't really need HTTPS, since I have chosen to trust that my wireless LAN won't get cracked without me noticing it.