Missing XSRF token

I’m still seeing this problem in 2.0.2.15. I thought this was supposed to have been resolved so I thought I should let you know…

I see it as well for the latest stable version on Win10. No under-power issue here either. When this error shows up, I can click ok and everything “appears” to be ok, but if you try to edit a backup, you’ll find that the source is empty and can’t be browsed, and drop-down menus don’t work. You have to refresh the tab. I can’t see a pattern for how long it takes to re-appear, but everything will seem to work fine until you close it for some indeterminate time.

Yes, I believe, currently, the only way to get rid of that error is to use the experimental version (until 3 January, you even had to go to canary, but that is no longer necessary).

I still see it on 2.0.2.15.

1 Like

I’ve been seeing consistent XSRF Token errors when connecting to a remote Duplicati instance using SSH Port tunnelling.

Just thought I shoudl mention it because the usual F5 didnt clear it.

Remote instance is Duplicati - 2.0.2.1_beta_2017-08-01

:slight_smile:

Thanks for the input.

We know 2.0.2.1_beta had issues with the XSRF error even when used locally (which is why that part of the code was rewritten in later canary / experimental versions) but I’m not sure why F5 isn’t clearing it for you. If you’re using Chrome, try Ctrl-F5.

If you update to a newer version (canary, experimental, beta, etc.) and still get it, please come back and let us know.

A refresh of the page definitely clears it for me, but is it supposed to be fixed?

I’m on 2.0.2.1_beta_2017-08-01.

That version has the bug. It was supposedly fixed in a later release. But I still see it (perhaps less often) on 2.0.2.15.

Is .15 available as a binary download or source only?

Where?

Found it.

Here: Releases · duplicati/duplicati · GitHub

1 Like

…BTW: Still getting it with .17 occasionally.

Yeah, so far things seem to be making it less common but not fully resolved.

For those that care, the XSRF token is Angular’s (used in the Duplicati web interface) implementation of the Cross-Site Request Forgery (CSRF) security feature described here:
https://stormpath.com/blog/angular-xsrf

So what’s going on is that somehow the Duplicati server isn’t getting the XSRF token and thinks the request from the web UI is fake so doesn’t give the UI whatever data was requested (often seen as empty select lists).

It’s strictly a communications issue between the Duplicati web UI and the Duplicati server (service / backend or tray-icon), in no way is it an issue with backups.

2 Likes

Sounds good. It’s just a pain to have to refresh each time is all. Glad to know it’s trivial.

Keep up the great work!

1 Like

Since this topic gets a lot of traffic, I want to mention that I believe I have found the cause for the XSRF error (bad cache settings) and I have fixed it, and it will be part of the next canary.

3 Likes

Any luck with this, still having it in chrome+firefox, strangely ie10 is working fine.

It should be resolved in new experimental and canaries.

What version are you using?

1 Like

Normal beta: 2.0.2.1_beta

When might this get pushed up the release chain?

Ah, okay, then you’re still affected for sure.

We just finished the 2.0.3 experimental Milestone · GitHub, but there isn’t a specific beta milestone yet, so I’m not sure exactly how long it would be.

There is a 2.0 stable Milestone · GitHub but it’s still quite a bit away judging from the current issues on that one.

@kenkendk, have you had any thoughts on a beta milestone? 2.0.4?

My plan is to promote the current experimental to a beta soon.

If we go for around march 30th, the experimental has been out for 2 weeks, which should have triggered unknown issues by then.

2 Likes

Excellent! It seems to be at a pretty good state right now and I’m sure it would drag out if we rebase it on the canary since it just got a lot of new untested features :slight_smile:

1 Like