KB-1588 "There is no valid CSRF token in this request" error thrown when navigating through Appian with Apache

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Appian uses CSRF cookies that need to be accessible via JavaScript. Users may see the error if their Apache web server has been configured to set cookies to HttpOnly due to security policies of their organization. If so, the CSRF cookies don't work.

Action

By default, the Apache Web Server should not be setting cookies to HttpOnly. Please consult your web server admins to see if this setting is in place in the httpd.conf file and request a change back to the default settings as laid out in the Appian documentation here: Configuring Apache Web Server with JBoss

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: May 2018

Related
Recommended