Rstudio 2024 with invalid CSRF

My cluster is Rocky 8.10. I installed the latest OOD version, but when I tried to use RStudio bc_example_rstudio with my Rocky 8.10 image it shows [rserver] ERROR Failed to validate sign-in with invalid CSRF form. I have searched many threads and tried to add things like csrf_token in submit.yml.erb, but it still doesn’t work.

Hi and welcome!

Can you share your view.html.erb and the portion of the script that sets the CSRF token?

This is view.html.erb

<script type="text/javascript">
  (function () {
    let date = new Date();
    date.setTime(date.getTime() + (7*24*60*60*1000));
    let expires = "expires=" + date.toUTCString();
    let cookiePath = "path=/rnode/" + "<%= host.to_s %>" + "/" + "<%= port.to_s %>/";
    /**
     * rstuido wants a cookie called csrf-token - but that's going to change in 2020!
     */
    let cookie = `csrf-token=<%= csrf_token %>;${expires};${cookiePath};SameSite=strict;secure`;
    document.cookie = cookie;
  })();
</script>
<form action="/rnode/<%= host %>/<%= port %>/auth-do-sign-in" method="post" target="_blank">
  <input type="hidden" name="username" value="<%= ENV["USER"] %>">
  <input type="hidden" name="password" value="<%= password %>">
  <input type="hidden" name="staySignedIn" value="1">
  <input type="hidden" name="appUri" value="">
  <button class="btn btn-primary" type="submit">
    <i class="fa fa-registered"></i> Connect to RStudio Server
  </button>
</form>

I can open the interactive app but it shows like this

The log in .local/share//rstudio/logs/rserver.log is

2024-11-23T01:23:50.997162Z [rserver] ERROR Failed to validate sign-in with invalid CSRF form; LOGGED FROM: bool rstudio::server::auth::common::validateSignIn(const rstudio::core::http::Request&, rstudio::core::http::Response*) src/cpp/server/auth/ServerAuthCommon.cpp:136

rsession.log

2024-11-23T01:21:50.208656Z [rsession-wpeeranon] ERROR system error 2 (No such file or directory) [path: /sys/fs/cgroup/memory/memory.limit_in_bytes]; OCCURRED AT rstudio::core::Error rstudio::core::FilePath::openForRead(std::shared_ptr<std::basic_istream<char> >&) const src/cpp/shared_core/FilePath.cpp:1504; LOGGED FROM: rstudio_boost::shared_ptr<rstudio::core::system::{anonymous}::LinuxMemoryProvider> rstudio::core::system::{anonymous}::getMemoryProvider() src/cpp/core/system/LinuxResources.cpp:425

Hi,

I had a similar issue. I found the solution in this ticket helped solve it.

You also need to update your view.html.erb to the one found here.

Sorry for dropping this. It appears your view.html.erb is good. I wonder if you export the csrf_token or if it’s correctly being populated.

You can see here it’s a part of the conn_params so we’re sure it’s being passed back to OOD from the compute node.

In Chrome you can open your developer tools and see the actual POST request you sent (specifically with the headers we’re interested in). I’d wonder if it’s correctly being populated. If you inspect that request, do you correctly have the csrf-token cookie?

This is my submit.yml.erb

---
batch_connect:
  template: "basic"
  conn_params:
    - csrf_token
script:
  queue_name: <%= custom_queue %>
  gpus_per_node: <%= custom_gres %>


Is this what you would like to see?

Your view.html.erb shows it as csrf-token. Here in this image I see it as rs-csrf-token. I know there’s a comment somewhere about the name of the cookie changing, but I don’t know if it ever did.

I grepped for token in every folder there, but there is no rs-csrf-token

[cnuttapong@management rstudio]$ grep token *
submit.yml.erb:    - csrf_token
grep: template: Is a directory
view.html.erb:		      rstuido wants a cookie called csrf-token - but that's going to change in 2020!
view.html.erb:		  let cookie = `csrf-token=<%= csrf_token %>;${expires};${cookiePath};SameSite=strict;secure`;
view.html.erb:  <input type="hidden" name="csrf-token" value="<%= csrf_token %>"/>
[cnuttapong@management rstudio]$ grep template/* *
grep: template/bin: Is a directory
grep: template: Is a directory
[cnuttapong@management rstudio]$ grep template/* ^C
[cnuttapong@management rstudio]$ grep token *
submit.yml.erb:    - csrf_token
grep: template: Is a directory
view.html.erb:		      rstuido wants a cookie called csrf-token - but that's going to change in 2020!
view.html.erb:		  let cookie = `csrf-token=<%= csrf_token %>;${expires};${cookiePath};SameSite=strict;secure`;
view.html.erb:  <input type="hidden" name="csrf-token" value="<%= csrf_token %>"/>
[cnuttapong@management rstudio]$ grep token template/*
template/before.sh.erb: csrftoken=SecureRandom.uuid
template/before.sh.erb:export csrftoken="<%= csrftoken %>"
grep: template/bin: Is a directory
template/script.sh.erb:echo "CSRF TOKEN: $csrf_token"
[cnuttapong@management rstudio]$ grep token template/bin/*
[cnuttapong@management rstudio]$

Not sure what’s going on. You see the screenshot is rs-csrf-token with the appropriate created date. Are there errors in the console log?

Sorry, previously I used Firefox; now I have changed to Chrome to see the POST request, and it shows this.

rs-csrf-token=8668f85b-f31e-4b44-897e-2da95b0b567c; csrf-token=8668f85b-f31e-4b44-897e-2da95b0b567c; mod_auth_openidc_session=7679867b-88d8-4c16-9f2f-4661affb5a6b

Hi, I’ve changed auth from lt to ne. The result is the same.
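
An added example, not part of the thread and not Open OnDemand or RStudio code: a small Node.js check that takes the Cookie header and the urlencoded form body copied from the browser's developer tools and reports, for each of the two token names seen in this thread, whether a cookie and a same-named form field were both sent with the same value. It assumes the sign-in check compares a cookie against a form field of the same name; the function names and the sample header and body are constructed.

```javascript
// Added diagnostic example; not part of the thread or of Open OnDemand/RStudio.
// Assumption: sign-in validation is a double-submit check, i.e. the POST body
// must carry a form field whose name and value equal a CSRF cookie.

// Parse a Cookie request header ("a=1; b=2") into a Map.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;                       // skip malformed pairs
    jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Report, for each candidate token name, what the request actually carried.
function auditCsrfPair(cookieHeader, formBody, names) {
  const cookies = parseCookieHeader(cookieHeader);
  const form = new URLSearchParams(formBody);   // urlencoded POST body
  return names.map((name) => {
    const cookie = cookies.get(name);           // undefined when not sent
    const field = form.get(name);               // null when the field is absent
    let status;
    if (cookie === undefined && field === null) status = "absent";
    else if (cookie === undefined) status = "field-without-cookie";
    else if (field === null) status = "cookie-without-field";
    else if (cookie === "" || field === "") status = "empty-value"; // template variable not populated
    else status = cookie === field ? "match" : "mismatch";
    return { name, status };
  });
}

// Constructed sample: both cookies set, but only a csrf-token field submitted.
const SAMPLE_COOKIE =
  "rs-csrf-token=00000000-0000-4000-8000-000000000001; " +
  "csrf-token=00000000-0000-4000-8000-000000000001; other_session=abc";
const SAMPLE_BODY =
  "username=alice&password=x&staySignedIn=1&appUri=" +
  "&csrf-token=00000000-0000-4000-8000-000000000001";

function demo() {
  return auditCsrfPair(SAMPLE_COOKIE, SAMPLE_BODY, ["csrf-token", "rs-csrf-token"]);
}

console.log(demo());
```

A `cookie-without-field` result for a name means the browser stored the cookie but the submitted form never carried the matching hidden input, which is a different problem from a token that was never generated.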