"external_url" setting causes "The change you wanted was rejected." on fresh install
I posted this on GitHub also, but I guess I should have posted it here. Please let me know the right place for this issue.
Since I was having trouble setting up LDAP login for GitLab I decided to completely reinstall it from scratch.
This is on Debian 7.7 with the GitLab Omnibus package.
I did gitlab-ctl cleanse, dpkg -P gitlab, even some rm -rf /opt/gitlab etc. for all files I could find with "gitlab" in its name and then reinstalled using dpkg -i gitlab_7.4.3-omnibus.5.1.0.ci-1_amd64.deb.
GitLab works somehow, but only if I don't specify an HTTPS external_url 'https://xxxxx.domain.com'.
If I do that, I always get error screens like the following when using forms (like the Sign In form):
422
The change you wanted was rejected.
Maybe you tried to change something you didn't have access to.
I learned that this is related to some anti-CSRF mechanism in Ruby, since in /var/log/gitlab/gitlab-rails/production.log I see these errors:
Started POST "/users/sign_in" for 188.9.177.98 at 2014-11-08 15:40:59 +0100
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"++YH/fm12Ao7yNJubHA7J+ly24HY29l97FVqUIO9q8o=", "user"=>{"login"=>"fooo", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 3ms
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:176:in `handle_unverified_request'
actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:202:in `handle_unverified_request'
devise (3.2.4) lib/devise/controllers/helpers.rb:182:in `handle_unverified_request'
actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:197:in `verify_authenticity_token'
activesupport (4.1.1) lib/active_support/callbacks.rb:424:in `block in make_lambda'
activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `call'
.......
Without the external_url setting GitLab forms work well, but obviously GitLab is using the wrong URL (based on the server host name).
Note that I'm not using Nginx (setting nginx['enable'] = false) but instead use Apache with reverse proxy to localhost:8080. As said, GitLab is accessed via an HTTPS URL.
What should I do?
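
For triaging a log like the excerpt in the post, here is an added example (not part of the original post and not GitLab code). It groups production.log lines into requests and counts CSRF rejections per endpoint and client, which helps tell a site-wide configuration problem from a single misbehaving client. The sample log is constructed, modelled on the excerpt, and `parse_requests` and `csrf_summary` are hypothetical names.

```ruby
# Added example (not GitLab code): group Rails log lines into requests, flag CSRF rejections.
Request = Struct.new(:verb, :path, :ip, :time, :controller, :status, :csrf_failed)
STARTED    = /^Started (\S+) "([^"]*)" for (\S+) at (.+)$/
PROCESSING = /^Processing by (\S+)/
COMPLETED  = /^Completed (\d{3}) /
CSRF_MARKERS = ["Can't verify CSRF token authenticity", "InvalidAuthenticityToken"].freeze
def parse_requests(log_text)
  requests = []
  current = nil
  log_text.each_line do |raw|
    line = raw.strip
    if (m = STARTED.match(line))
      current = Request.new(m[1], m[2], m[3], m[4], nil, nil, false)
      requests << current
    elsif current.nil?
      next # ignore lines that precede the first "Started" line
    elsif (m = PROCESSING.match(line))
      current.controller = m[1]
    elsif CSRF_MARKERS.any? { |s| line.include?(s) }
      current.csrf_failed = true
    elsif (m = COMPLETED.match(line))
      current.status = m[1].to_i
    end
  end
  requests
end

# One row per endpoint: rejection count and the distinct client addresses affected.
def csrf_summary(requests)
  requests.select(&:csrf_failed).group_by { |r| "#{r.verb} #{r.path}" }.map do |endpoint, rs|
    { endpoint: endpoint, count: rs.size, clients: rs.map(&:ip).uniq.sort, controller: rs.first.controller }
  end
end

# Constructed sample input (documentation IP ranges), modelled on the excerpt in the post.
SAMPLE_LOG = <<~LOG
  Started GET "/users/sign_in" for 192.0.2.10 at 2014-11-08 15:40:50 +0100
  Completed 200 OK in 12ms
  Started POST "/users/sign_in" for 192.0.2.10 at 2014-11-08 15:40:59 +0100
  Processing by SessionsController#create as HTML
  Can't verify CSRF token authenticity
  Completed 422 Unprocessable Entity in 3ms
  Started POST "/users/sign_in" for 198.51.100.7 at 2014-11-08 15:41:30 +0100
  Can't verify CSRF token authenticity
  Completed 422 Unprocessable Entity in 2ms
LOG

puts csrf_summary(parse_requests(SAMPLE_LOG)) if __FILE__ == $PROGRAM_NAME
```

If every form POST from every client is rejected, as in the post, the rejections are more likely a deployment-wide session or proxy issue than forged requests.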