Getting InvalidCsrfTokenException: Invalid CSRF Token 'undefined' after upgrade to JHipster 4.10.0
Overview of the issue
After upgrading my JHipster application from version 4.01 to 4.10, the logout functionality is not working properly. When clicking on the logout option, the page doesn't get redirected to the home screen. Not sure if using CsrfFilter is causing this issue.
Motivation for or Use Case
An error appears in the logs and the user is not redirected from the dashboard to the home screen after logout. A second logout click works.
Reproduce the error
I am seeing the following exception in the logs.
Java logs:
2017-11-02 10:08:33.023 DEBUG 2192 --- [ XNIO-7 task-21] com.hclue.aop.logging.LoggingAspect : Enter: com.hclue.web.rest.AccountResource.getAccount() with argument[s] = []
2017-11-02 10:08:33.036 DEBUG 2192 --- [ XNIO-7 task-20] c.h.s.PersistentTokenRememberMeServices : Cancelling cookie
2017-11-02 10:08:33.038 DEBUG 2192 --- [ XNIO-7 task-21] com.hclue.aop.logging.LoggingAspect : Enter: com.hclue.service.UserService.getUserWithAuthorities() with argument[s] = []
2017-11-02 10:08:33.051 DEBUG 2192 --- [ XNIO-7 task-21] com.hclue.aop.logging.LoggingAspect : Exit: com.hclue.service.UserService.getUserWithAuthorities() with result = User{login='pankajppr', firstName='Pankaj', lastName='Jaiswal', email='pankajppr@gmail.com', imageUrl='null', activated='true', langKey='en', activationKey='null'}
2017-11-02 10:08:33.052 DEBUG 2192 --- [ XNIO-7 task-21] com.hclue.aop.logging.LoggingAspect : Exit: com.hclue.web.rest.AccountResource.getAccount() with result = <200 OK,UserDTO{login='pankajppr', firstName='Pankaj', lastName='Jaiswal', email='pankajppr@gmail.com', imageUrl='null', activated=true, langKey='en', createdBy=admin, createdDate=2017-10-30T04:52:23Z, lastModifiedBy='system', lastModifiedDate=2017-11-02T04:03:55Z, authorities=[ROLE_USER]},{}>
2017-11-02 10:08:33.066 DEBUG 2192 --- [ XNIO-7 task-22] com.hclue.aop.logging.LoggingAspect : Enter: org.springframework.boot.actuate.audit.AuditEventRepository.add() with argument[s] = [AuditEvent [timestamp=Thu Nov 02 10:08:33 IST 2017, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]]
2017-11-02 10:08:33.071 DEBUG 2192 --- [ XNIO-7 task-23] com.hclue.aop.logging.LoggingAspect : Enter: com.hclue.web.rest.ProfileInfoResource.getActiveProfiles() with argument[s] = []
2017-11-02 10:08:33.077 DEBUG 2192 --- [ XNIO-7 task-22] com.hclue.aop.logging.LoggingAspect : Exit: org.springframework.boot.actuate.audit.AuditEventRepository.add() with result = null
2017-11-02 10:08:33.077 DEBUG 2192 --- [ XNIO-7 task-23] com.hclue.aop.logging.LoggingAspect : Exit: com.hclue.web.rest.ProfileInfoResource.getActiveProfiles() with result = com.hclue.web.rest.ProfileInfoResource$ProfileInfoVM@43474e31
2017-11-02 10:08:33.079 WARN 2192 --- [ XNIO-7 task-22] o.z.p.spring.web.advice.AdviceTrait : Unauthorized: Full authentication is required to access this resource
2017-11-02 10:08:33.080 WARN 2192 --- [ XNIO-7 task-22] .m.m.a.ExceptionHandlerExceptionResolver : Resolved exception caused by Handler execution: org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource
2017-11-02 10:08:33.140 ERROR 2192 --- [ XNIO-7 I/O-4] o.s.w.s.m.StompSubProtocolHandler : Failed to send client message to application via MessageChannel in session o2bkzkaq. Sending STOMP ERROR to client.
org.springframework.messaging.MessageDeliveryException: Failed to send message to ExecutorSubscribableChannel[clientInboundChannel]; nested exception is org.springframework.security.web.csrf.InvalidCsrfTokenException: Invalid CSRF Token 'undefined' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.
at org.springframework.messaging.support.AbstractMessageChannel.send(AbstractMessageChannel.java:127)
at org.springframework.messaging.support.AbstractMessageChannel.send(AbstractMessageChannel.java:104)
at org.springframework.web.socket.messaging.StompSubProtocolHandler.handleMessageFromClient(StompSubProtocolHandler.java:298)
at org.springframework.web.socket.messaging.SubProtocolWebSocketHandler.handleMessage(SubProtocolWebSocketHandler.java:307)
at org.springframework.web.socket.handler.WebSocketHandlerDecorator.handleMessage(WebSocketHandlerDecorator.java:75)
at org.springframework.web.socket.handler.LoggingWebSocketHandlerDecorator.handleMessage(LoggingWebSocketHandlerDecorator.java:56)
at org.springframework.web.socket.handler.ExceptionWebSocketHandlerDecorator.handleMessage(ExceptionWebSocketHandlerDecorator.java:58)
at org.springframework.web.socket.sockjs.transport.session.AbstractSockJsSession.delegateMessages(AbstractSockJsSession.java:380)
at org.springframework.web.socket.sockjs.transport.session.WebSocketServerSockJsSession.handleMessage(WebSocketServerSockJsSession.java:193)
at org.springframework.web.socket.sockjs.transport.handler.SockJsWebSocketHandler.handleTextMessage(SockJsWebSocketHandler.java:92)
at org.springframework.web.socket.handler.AbstractWebSocketHandler.handleMessage(AbstractWebSocketHandler.java:43)
at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter.handleTextMessage(StandardWebSocketHandlerAdapter.java:110)
at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter.access$000(StandardWebSocketHandlerAdapter.java:42)
at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter$3.onMessage(StandardWebSocketHandlerAdapter.java:81)
at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter$3.onMessage(StandardWebSocketHandlerAdapter.java:78)
at io.undertow.websockets.jsr.FrameHandler$7.run(FrameHandler.java:283)
at io.undertow.websockets.jsr.ServerWebSocketContainer$1.call(ServerWebSocketContainer.java:162)
at io.undertow.websockets.jsr.ServerWebSocketContainer$1.call(ServerWebSocketContainer.java:159)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.websockets.jsr.ServerWebSocketContainer.invokeEndpointMethod(ServerWebSocketContainer.java:575)
at io.undertow.websockets.jsr.ServerWebSocketContainer.invokeEndpointMethod(ServerWebSocketContainer.java:565)
at io.undertow.websockets.jsr.FrameHandler.invokeTextHandler(FrameHandler.java:263)
at io.undertow.websockets.jsr.FrameHandler.onFullTextMessage(FrameHandler.java:314)
at io.undertow.websockets.core.AbstractReceiveListener$2.complete(AbstractReceiveListener.java:156)
at io.undertow.websockets.core.AbstractReceiveListener$2.complete(AbstractReceiveListener.java:152)
at io.undertow.websockets.core.BufferedTextMessage.read(BufferedTextMessage.java:105)
at io.undertow.websockets.core.AbstractReceiveListener.readBufferedText(AbstractReceiveListener.java:152)
at io.undertow.websockets.core.AbstractReceiveListener.bufferFullMessage(AbstractReceiveListener.java:90)
at io.undertow.websockets.jsr.FrameHandler.onText(FrameHandler.java:179)
at io.undertow.websockets.core.AbstractReceiveListener.handleEvent(AbstractReceiveListener.java:44)
at io.undertow.websockets.core.AbstractReceiveListener.handleEvent(AbstractReceiveListener.java:33)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932)
at io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:913)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:561)
Caused by: org.springframework.security.web.csrf.InvalidCsrfTokenException: Invalid CSRF Token 'undefined' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.
at org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor.preSend(CsrfChannelInterceptor.java:65)
at org.springframework.messaging.support.AbstractMessageChannel$ChannelInterceptorChain.applyPreSend(AbstractMessageChannel.java:158)
at org.springframework.messaging.support.AbstractMessageChannel.send(AbstractMessageChannel.java:113)
... 37 common frames omitted
UI-side error:
<<< ERROR
message:Failed to send message to ExecutorSubscribableChannel[clientInboundChannel]; nested exception is org.springframework.security.web.csrf.InvalidCsrfTokenException\c Invalid CSRF Token 'undefined' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.
content-length:0
Related issues
Suggest a Fix
JHipster Version(s)
JHipster 4.10.0
JHipster configuration
$ jhipster info
Using JHipster version installed locally in current project's node_modules
Executing jhipster:info
Options:
Welcome to the JHipster Information Sub-Generator
JHipster Version(s)
hclue-test-3@0.0.0 C:\Users\panka\workspace\Hipster\hclueTest2\hclue
+-- generator-jhipster@4.10.0
+-- generator-jhipster-google-maps@0.0.1
| `-- generator-jhipster@2.25.0
`-- UNMET PEER DEPENDENCY popper.js@^1.11.0
JHipster configuration, a .yo-rc.json file generated in the root folder
.yo-rc.json file:
{
  "generator-jhipster": {
    "jhipsterVersion": "4.10.0",
    "baseName": "hclueTest3",
    "packageName": "com.hclue",
    "packageFolder": "com/hclue",
    "serverPort": "8080",
    "authenticationType": "session",
    "hibernateCache": "ehcache",
    "clusteredHttpSession": false,
    "websocket": "spring-websocket",
    "databaseType": "sql",
    "devDatabaseType": "mysql",
    "prodDatabaseType": "mysql",
    "searchEngine": "elasticsearch",
    "messageBroker": false,
    "buildTool": "maven",
    "enableSocialSignIn": false,
    "rememberMeKey": "replaced-by-jhipster-info",
    "useSass": false,
    "clientPackageManager": "yarn",
    "applicationType": "monolith",
    "clientFramework": "angularX",
    "testFrameworks": [
      "gatling"
    ],
    "jhiPrefix": "jhi",
    "otherModules": [
      {
        "name": "generator-jhipster-google-maps",
        "version": "0.0.1"
      },
      {
        "name": "generator-jhipster-bootstrap-material-design",
        "version": "3.5.1"
      }
    ],
    "enableTranslation": false,
    "serviceDiscoveryType": false
  }
}
JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory
JDL entity definitions:
entity RegisteredDoctors (registered_doctors) {
  firstName String required,
  lastName String required,
  phoneNumber Integer,
  email String required,
  zipCode Integer required,
  activated Boolean required
}
entity Specializations (specializations) {
  specialtyName String
}
relationship OneToOne {
  RegisteredDoctors{specialty(specialtyName)} to Specializations
}
dto RegisteredDoctors, Specializations with mapstruct
paginate RegisteredDoctors with infinite-scroll
service RegisteredDoctors, Specializations with serviceImpl
paginate Specializations with pagination
Environment and Tools
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)
git version 2.10.2.windows.1
node: v6.9.5
npm: 4.2.0
bower: 1.8.0
gulp: [10:21:14] CLI version 1.2.2
yeoman: 2.0.0
yarn: 0.19.1
Congratulations, JHipster execution is complete!
Entity configuration(s) entityName.json files generated in the .jhipster directory
Browsers and Operating System
Windows 10, all browsers
I would suggest starting by comparing the new app you generated and your old app using some tool like Beyond Compare or Git and seeing what the differences are; you might find the issue.
Thanks & Regards, Deepu
On Tue, Dec 5, 2017 at 12:57 PM, Steven-Garcia notifications@github.com wrote:
@pankajppr @Steven-Garcia it is really difficult to pinpoint the issue as it seems like you guys might have missed something during the merge after the upgrade. Try to copy the .yo-rc.json file of your app to a new folder and generate it using JHipster and see if it works (as @jdubois tried, it should work), then compare that app with your current failing app and see what the differences are using a tool like Beyond Compare or Git depending on preference. I'm sure you will be able to find the missing piece causing the issue.