Cumulocity: "xsrf attack detected" on login

Product/components used and version/fix level:

Cumulocity Instance on eu-latest

{{url}}/tenant/system/options/system/version
{
    "category": "system",
    "value": "1020.73.0",
    "key": "version"
}

Detailed explanation of the problem:

Hello Tech Community, can someone tell me what this error message means? I got it this morning when logging into the Cumulocity admin application of my tenant.

Error messages / full error message screenshot / log file:

{
  "error": "security/Unauthorized",
  "message": "xsrf attack detected",
  "info": "https://www.cumulocity.com/guides/reference/rest-implementation//#a-name-error-reporting-a-error-reporting"
}

Question related to a free trial, or to a production (customer) instance?

Research Instance

Hi @anon7369764

This message refers to: Cross-site request forgery - Wikipedia
To prevent these attacks, every request to the Cumulocity API needs to include the X-XSRF-TOKEN header, in addition to the authorization token that is by default included in the cookie being sent. The value for the X-XSRF-TOKEN header is taken from the XSRF-TOKEN cookie that is set during login on the client.

Is the Administration application that you have opened the standard application or have you performed any modifications to it (e.g. uploaded a custom build or installed a plugin to it)? Can you check which of the requests to the backend is failing with this error in your browser's network tools?

Regards,
Tristan
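
Added example (not part of the reply above and not Cumulocity's own code): a Node.js check over a HAR export from the browser's network tools that lists every request whose X-XSRF-TOKEN header is missing or differs from the XSRF-TOKEN cookie sent with it. The host name, the `session` cookie, the token values and the function names are constructed for illustration, and the comparison assumes the cookie value is sent unencoded.

```javascript
// Return a request header's value (names are case-insensitive), or null.
function header(request, name) {
  const h = request.headers.find(x => x.name.toLowerCase() === name.toLowerCase());
  return h ? h.value : null;
}

// Parse a Cookie header ("a=1; b=2") into an object of name -> value.
function parseCookies(cookieHeader) {
  const jar = {};
  for (const part of (cookieHeader || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// Compare the XSRF-TOKEN cookie with the X-XSRF-TOKEN header of one request.
function classify(request) {
  const cookie = parseCookies(header(request, "Cookie"))["XSRF-TOKEN"];
  const sent = header(request, "X-XSRF-TOKEN");
  if (cookie === undefined) return sent === null ? "no-xsrf-cookie" : "header-without-cookie";
  if (sent === null) return "missing-header";
  return sent === cookie ? "ok" : "mismatch"; // mismatch: e.g. a stale cached token
}

// Return only the HAR entries that would not pass the check.
function auditHar(har) {
  return har.log.entries
    .map(e => ({ method: e.request.method, url: e.request.url, verdict: classify(e.request) }))
    .filter(r => r.verdict !== "ok");
}

// Constructed sample in HAR layout (log.entries[].request.headers[]).
const base = "https://tenant.example.com";
const sampleHar = { log: { entries: [
  { request: { method: "GET", url: base + "/tenant/system/options/system/version", headers: [
      { name: "Cookie", value: "session=constructed; XSRF-TOKEN=tokA" },
      { name: "X-XSRF-TOKEN", value: "tokA" } ] } },
  { request: { method: "GET", url: base + "/inventory/managedObjects", headers: [
      { name: "cookie", value: "session=constructed; XSRF-TOKEN=tokB" },
      { name: "x-xsrf-token", value: "tokA" } ] } },
  { request: { method: "POST", url: base + "/inventory/managedObjects", headers: [
      { name: "Cookie", value: "session=constructed; XSRF-TOKEN=tokB" } ] } },
] } };

console.table(auditHar(sampleHar));
```

To run it against a real capture, replace `sampleHar` with the parsed contents of the exported .har file.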

Hi @Tristan_Bastian,

Yes, I already figured it’s something about this token, but I wasn’t able to pin down the source of the problem.
I did use the default application, but I’m not able to reproduce the error anymore. Maybe it was just a glitch with some cache, I guess?

Best regards
Yannick
