CSRF Token mismatch


I got a passbolt server running but since 1 Month i got the problem that no one can change or create a new entry. Passbolt just says “something went wrong”. When i search for the Error in the logs i cant found much.
The weird thing is, when the log say this error happened at 15:12 i actually happened exactly 2 hours later. Every Error that is documentated happened 2 hours later.


The Healtcheck got these two errors:
SSL peer certificate does not validate
Hostname does not match when validating certificates.

Server Informations:
OS:Linux Ubuntu 16.04 LTS
Webserver: Apache2
Database: mysql
Passbolt version: 2.2.0
PHP Version: 7.0

[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to trouble shoot the problem
[ ] I describe the steps on how to reproduce the issue

Hello @Julien,

Is it the same instance than the issue you got here ? Segmentation fault (Core dumped) error

Can you open your browser and check that while posting the request, the header X-CSRF-TOKEN is present.

Thanks for your reply. Yes, this is the same instance. Can you explain how i get there? im not using passbolt in the browser. I do only configure it for my company.

I found it myself. But it doesnt show the X-CSRF-TOKEN.

The only things it shows are these:

The CSRF token has been introduced in the v2.2.0 release (published 9 days ago), it should be present in all requests made to the API.
Did you upgrade your passbolt from a previous version ? If it is the case, you could try to clean the cache of your browser, and try again.

Yes, our Passbolt was updated. I cleared the cache of my Browser but its still not working

In the cookie section you should see the CSRF token, this is the way it is passed to the client application.
If you don’t see it, please consider deleting the cookie, and try again.

How do i delete the cookie?
Do you mean the cache in firefox or the csrf cookie from passbolt itself?

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.