Issue with Chrome v4.5.0

This is a post to for users reporting issues with passbolt browser extension.

What is the issue?
Since the rolllout of v4.5 on chrome, some users are reporting not being able to access passbolt. Typically they will experience a blank page on login. In the log they will see errors related to the CSRF token.

Who is affected
Users that have their instance running passbolt under a directory (e.g.

What is the root cause of the issue
The issue is a change introduced in the browser extension with v4.5 on how CSRF token is managed.

Temporary workaround
For those requiring immediate access to their passwords, two temporary solutions are available:

  1. Opt for Firefox or Edge browsers, as they are not affected by this problem.
  2. Or manually adjust the cookie settings:
  • Navigate to your Passbolt instance URL using your browser.
  • Access the Chrome developer tools through this link .
  • Within the developer tools, select the ‘Application’ tab.
  • From the left sidebar, click on ‘Cookies’ and then select your Passbolt URL.
  • In the main panel, right-click on the cell for the ‘csrfToken’ path and choose ‘Edit path’.
  • Eliminate the trailing slash from the path.
  • Reload the page, you should be able to sign-in to passbolt

Long term fix
The team is currently working on releasing v4.5.1 as a hotfix. Ref. Release v4.5.1-rc.0 · passbolt/passbolt_browser_extension · GitHub
We will keep you posted here when the fix is available.

Thank you for your patience and apologies for the inconvenience.


Thank you for your advice! I’m experiencing connection problems to my Keycloak and I want to ask if it could be related to this issue or if something else is failing (yesterday was working fine, I don’t know if it was caused by the update of the API or something else).

Would be best if you could open a new issue with more details about your setup and the error logs from the browser extension / server if any. This seems like a different issue to me.

1 Like

The Chrome extension v4.5.1 was rolled out in production this morning and should solve this issue.