Can't verify CSRF token authenticity

Hello GitLab community,

I’m experiencing frequent occurrences of the following error in my self-hosted GitLab CE 17.3.6 (/var/log/gitlab/gitlab-rails/production.log):
"Can't verify CSRF token authenticity"

I have used the setting nginx['redirect_http_to_https'] = true.
I have not used nginx['redirect_http_to_https_port'] = 80 because by default GitLab redirected HTTP to HTTPS with nginx['redirect_http_to_https'] = true.
The external URLs & proxy settings are correctly configured.

Here are some details about my setup:

  • GitLab Version: GitLab CE 17.3.6
  • Reverse Proxy: nginx
  • Hosting Environment: On-premises, self-hosted

Could this issue be related to browser sessions or specific user settings, or is there another configuration I should investigate?
Any advice on diagnosing and fixing this error would be greatly appreciated.
