If you get the error message “CSRF token verification failed” when attempting to login to your Zammad Web Dashboard, we’ve got a solution for you. In most installations of Zammad, whether dockerized or direct packages installations on a base OS, access is proxied via Nginx or Apache web server.
The “Can’t login because of CSRF token errors” is usually witnessed on systems with more than one proxy server. To solve the issue we need to tell our web server which connection type was used by the user. Open your Zammad proxy configuration file.
For Nginx users
If you are running Zammad behind Nginx proxy server, open your virtual host configuration and locate both directives proxy_set_header X-Forwarded-Proto and replace $scheme by https.
sudo vim /etc/nginx/conf.d/zammad.confIt should look like below after the changes.
proxy_set_header X-Forwarded-Proto https;Replace all occurrences under the following blocks:
- location /ws
- location /cable
- location /
Restart nginx after making the changes:
sudo systemctl restart nginxFor Apache users
Open your virtual host configuration just above the first ProxyPass directive insert:
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl onRestart Apache web server after the changes are made:
sudo systemctl restart apache2