KB-1588 "There is no valid CSRF token in this request" error thrown when navigating through Appian with Apache

Elly Meng — Wed, 26 Jan 2022 23:54:48 GMT

Current Revision posted to Appian Knowledge Base by Elly Meng on 1/26/2022 11:54:48 PM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Appian uses CSRF cookies that need to be accessible via JavaScript. Users may see the error if their Apache web server has been configured to set cookies to HttpOnly due to security policies of their organization. If so, the CSRF cookies don't work.

Action

By default, the Apache Web Server should not be setting cookies to HttpOnly. Please consult your web server admins to see if this setting is in place in the httpd.conf file and request a change back to the default settings as laid out in the Appian documentation:

Affected Versions

This article applies to all self-managed versions of Appian using Apache as a web server.

Last Reviewed: January 2022

Tags: apache, web server, infrastructure, cookies

KB-1588 "There is no valid CSRF token in this request" error thrown when navigating through Appian with Apache

Parmida Borhani — Wed, 10 Feb 2021 04:01:19 GMT

Revision 10 posted to Appian Knowledge Base by Parmida Borhani on 2/10/2021 4:01:19 AM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Action

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: February 2021

Tags: apache, web server, infrastructure, cookies

KB-1588 "There is no valid CSRF token in this request" error thrown when navigating through Appian with Apache

Parmida Borhani — Sun, 07 Feb 2021 22:41:27 GMT

Revision 9 posted to Appian Knowledge Base by Parmida Borhani on 2/7/2021 10:41:27 PM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Action

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: August 2020

Tags: apache, web server, infrastructure, cookies

KB-1588 "There is no valid CSRF token in this request" error thrown when navigating through Appian with Apache

James Lee — Tue, 11 Aug 2020 21:14:15 GMT

Revision 8 posted to Appian Knowledge Base by James Lee on 8/11/2020 9:14:15 PM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Action

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: August 2020

Tags: web server, infrastructure, cookies

KB-1588 "There is no valid CSRF token in this request" error thrown when navigating through Appian with Apache

Parmida Borhani — Tue, 27 Nov 2018 16:55:32 GMT

Revision 7 posted to Appian Knowledge Base by Parmida Borhani on 11/27/2018 4:55:32 PM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Action

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: May 2018

Tags: web server, infrastructure, cookies

KB-1588 "There is no valid CSRF token in this request" error thrown when navigating through Appian with Apache

Jordan Horwat — Mon, 23 Jul 2018 10:22:39 GMT

Revision 6 posted to Appian Knowledge Base by Jordan Horwat on 7/23/2018 10:22:39 AM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Appan uses CSRF cookies that need to be accessible via JavaScript. Users may see the error if their Apache web server has been configured to set cookies to HttpOnly due to security policies of their organization. If so, the CSRF cookies don't work.

Action

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: May 2018

Tags: web server, infrastructure, cookies

KB-1588 "There is no valid CSRF token in this request" error thrown when navigating through Appian with Apache

Nick Vigilante — Tue, 29 May 2018 14:17:37 GMT

Revision 5 posted to Appian Knowledge Base by Nick Vigilante on 5/29/2018 2:17:37 PM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Action

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: May 2018

Tags: web server, cookies

There is no valid CSRF token in this request

Sean Kim — Tue, 29 May 2018 10:15:04 GMT

Revision 4 posted to Appian Knowledge Base by Sean Kim on 5/29/2018 10:15:04 AM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Action

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: May 2018

Tags: web server, cookies

There is no valid CSRF token in this request

Sean Kim — Wed, 23 May 2018 08:03:18 GMT

Revision 3 posted to Appian Knowledge Base by Sean Kim on 5/23/2018 8:03:18 AM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Action

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: May 2018

Tags: web server, cookies

There is no valid CSRF token in this request

Sean Kim — Tue, 22 May 2018 12:56:50 GMT

Revision 2 posted to Appian Knowledge Base by Sean Kim on 5/22/2018 12:56:50 PM

Symptoms

When navigating throughout an Appian environment using Apache as a web server, users may see the following error in the application server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Appan uses CSRF cookies that need to be accessible via JavaScript. Users may see the error if their Apache web server has been configured to set all cookies to HttpOnly due to security policies of their organization. If so, the CSRF cookies don't work.

Action

In the httpd.conf file, change the Set-Cookie configuration to allow for a RegEx that excludes the CSRF tokens. The names of the CSRF tokens are _appianCsrfToken and _appianMultipartCsrfToken. Please consult your web server admins for additional information.

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: May 2018

Tags: web server, cookies

There is no valid CSRF token in this request

Sean Kim — Mon, 21 May 2018 16:00:41 GMT

Revision 1 posted to Appian Knowledge Base by Sean Kim on 5/21/2018 4:00:41 PM

Symptoms

When navigating throughout an Appian environment, users may see the following error in the server log:

WARN com.appiancorp.security.csrf.CsrfTokenManager - There is no valid CSRF token in this request [URI=/suite/framework/backgroundAction.none]

Cause

Appan uses CSRF cookies that need to be accessible via JavaScript. Users may see the above error if all cookies in the Apache web server have been set to HTTPOnly. If so, the CSRF cookies don't work.

Action

In the httpd.conf file, change the Set-Cookie configuration to allow for a regex that excludes the CSRF tokens. The names of the CSRF tokens are _appianCsrfToken and _appianMultipartCsrfToken.

More information on how to exclude cookies from the HttpOnly setting can be found here: https://www.tunetheweb.com/security/http-security-headers/secure-cookies/

Affected Versions

This article applies to all versions of Appian using Apache as a web server.

Last Reviewed: May 2018

Tags: web server, cookies