You are currently reviewing an older revision of this page.

There is no valid CSRF token in this request

Symptoms

When navigating throughout an Appian environment, users may see the following error in the server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Appan uses CSRF cookies that need to be accessible via JavaScript. Users may see the above error if all cookies in the Apache web server have been set to HTTPOnly.  If so, the CSRF cookies don't work.

Action

In the httpd.conf file, change the Set-Cookie configuration to allow for a regex that excludes the CSRF tokens. The names of the CSRF tokens are _appianCsrfToken and _appianMultipartCsrfToken.

More information on how to exclude cookies from the HttpOnly setting can be found here: https://www.tunetheweb.com/security/http-security-headers/secure-cookies/

 

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: May 2018

© 2024 Appian. All rights reserved.
We want to hear from you! Submit a review on Gartner or G2.