422 The change you requested was rejected

Hi all,

We use an onpremis ubuntu server with Gitlab installed, suddenly over the weekend we get an error “422 The change you requested was rejected” when we want to login.

We use the standard login method, so no LDAP or anything special. The site is accessible internally by using http and there is no change known on this server.

The Console option within Chrome gives me this:
“POST http://HOSTNAME/users/sign_in 422 (Unprocessable Entity)”

The Production.log shows:

Processing by SessionsController#create as HTML
Parameters: {“utf8”=>“✓”, “authenticity_token”=>"[FILTERED]", “user”=>{“login”=>“root”, “password”=>"[FILTERED]", “remember_me”=>“1”}}
Can’t verify CSRF token authenticity
Completed 422 Unprocessable Entity in 88ms (ActiveRecord: 1.5ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
lib/gitlab/middleware/multipart.rb:95:in call' lib/gitlab/request_profiler/middleware.rb:14:in call’
lib/gitlab/middleware/go.rb:17:in call' lib/gitlab/etag_caching/middleware.rb:11:in call’
lib/gitlab/middleware/read_only/controller.rb:28:in call' lib/gitlab/middleware/read_only.rb:16:in call’
lib/gitlab/request_context.rb:18:in call' lib/gitlab/metrics/requests_rack_middleware.rb:27:in call’
lib/gitlab/middleware/release_env.rb:10:in `call’

I do not use a proxy server, years ago we’ve installed the gitlab-omnibus package and upgraded on that. I’ve not enabled the NGINX in the config.

The people that still have a working cookie still can access the system, but people that need to authenticate can’t.

I’ve run the check using " sudo gitlab-rake gitlab:check":

company@CJVUBUNTU:~$ sudo gitlab-rake gitlab:check
Checking GitLab Shell …

GitLab Shell version >= 6.0.4 ? … OK (6.0.4)
Repo base directory exists?
default… yes
Repo storage directories are symlinks?
default… no
Repo paths owned by git:root, or git:git?
default… yes
Repo paths access is drwxrws—?
default… yes
hooks directories in repos are links: …
companyFM / Web … ok
companyFM / DbUpdate … ok
hackathon2017 / Dracarys … ok
companyFM / DrawingDisplacementCorrectionTool … ok
companyFM / PortalUiTool … ok
companyFM / SendMailService … ok
companyFM / ResourceManager … ok
companyFM / CFMDMS … ok
companyFM / CFMCUBE … ok
companyFM / TestSysMgr … ok
companyFM / jenkins … ok
companyFM / Client … ok
MobileApps / CleaningManagement … ok
MobileApps / TreeManagement … ok
MobileApps / Inventory … ok
Hosting / HostingEnvironment … ok
Hosting / FMDesign … ok
Hosting / MobileCleaningControl … ok
Hosting / MobileDataEntry … ok
Hosting / MobileMaintenance … ok
Hosting / MobileTreeManagement … ok
MobileApps / Maintenance … ok
companyFM / LicenseDefinition … ok
InternalTools / OracleServerManager … ok
InternalTools / ApplicationServerManager … ok
companyFM / AttachmentSecurityPatch … ok
companyFM / JIRAReleaseNoteGenerator … ok
companyFM / CADExport … ok
companyFM / DbCreate … ok
companyFM / LicenseTool … ok
MobileApps / Inventory-X … repository is empty
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Redis available via internal API: OK

Access to /var/opt/gitlab/.ssh/authorized_keys: OK
gitlab-shell self-check successful

Checking GitLab Shell … Finished

Checking Sidekiq …

Running? … yes
Number of Sidekiq processes … 1

Checking Sidekiq … Finished

Reply by email is disabled in config/gitlab.yml
Checking LDAP …

LDAP is disabled in config/gitlab.yml

Checking LDAP … Finished

Checking GitLab …

Git configured correctly? … yes
Database config exists? … yes
All migrations up? … yes
Database contains orphaned GroupMembers? … no
GitLab config exists? … yes
GitLab config up to date? … yes
Log directory writable? … yes
Tmp directory writable? … yes
Uploads directory exists? … yes
Uploads directory has correct permissions? … yes
Uploads directory tmp has correct permissions? … yes
Init script exists? … skipped (omnibus-gitlab has no init script)
Init script up-to-date? … skipped (omnibus-gitlab has no init script)
Projects have namespace: …
companyFM / Web … yes
companyFM / DbUpdate … yes
hackathon2017 / Dracarys … yes
companyFM / DrawingDisplacementCorrectionTool … yes
companyFM / PortalUiTool … yes
companyFM / SendMailService … yes
companyFM / ResourceManager … yes
companyFM / CFMDMS … yes
companyFM / CFMCUBE … yes
companyFM / TestSysMgr … yes
companyFM / jenkins … yes
companyFM / Client … yes
MobileApps / CleaningManagement … yes
MobileApps / TreeManagement … yes
MobileApps / Inventory … yes
Hosting / HostingEnvironment … yes
Hosting / FMDesign … yes
Hosting / MobileCleaningControl … yes
Hosting / MobileDataEntry … yes
Hosting / MobileMaintenance … yes
Hosting / MobileTreeManagement … yes
MobileApps / Maintenance … yes
companyFM / LicenseDefinition … yes
InternalTools / OracleServerManager … yes
InternalTools / ApplicationServerManager … yes
companyFM / AttachmentSecurityPatch … yes
companyFM / JIRAReleaseNoteGenerator … yes
companyFM / CADExport … yes
companyFM / DbCreate … yes
companyFM / LicenseTool … yes
MobileApps / Inventory-X … yes
Redis version >= 2.8.0? … yes
Ruby version >= 2.3.5 ? … yes (2.3.6)
Git version >= 2.9.5 ? … yes (2.14.3)
Git user has default SSH configuration? … yes
Active users: … 27

Checking GitLab … Finished

I am out of options…

I’ve setup Gitlab with HTTPS and enabled, nginx… now we all can work.