"CSRF check failed" with Nextcloud Talk and BigBlueButton App

ℹ️ Support
, ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 32.0.5
  • Operating system and version (e.g., Ubuntu 24.04):
    • Ubuntu 24.04.3
  • Web server and version (e.g, Apache 2.4.25):
    • Apache 2.4.58
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • Apache 2.4.58
  • PHP version (e.g, 8.3):
    • 8.3
  • Is this the first time you’ve seen this error? (Yes / No):
    • yes
  • When did this problem seem to first start?
    • when trying to create a room with the BBB app or starting a call with Talk
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Bare Metal
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • no

Summary of the issue you are facing:

  • BigBlueButton App: I installed the bbb addon manually and built it with “make build” - nodejs and npm are both installed.
    I set the BigBlueButton URL and Secret (Scalelite behind it) and when trying to create a room, I get this error:
    AxiosError: Request failed with status code 400
    Looking into the browser console, I can see this status code comes from apps/bbb/rooms, so I tried opening it manually.
    When opening it manually (nextcloud.xxx.com/apps/bbb/rooms) I got the CSRF check failed error message.

  • Nextcloud App: Basically the same as with the BigBlueButton addon. Installed the App, configured a high performance backend and when trying to start a call I get this error message in the browser log:
    signaling.js:1089 Could not connect to server using backend url
    ocs/v2.php/apps/spreed/api/v3/signaling/backend

    When trying to open that link manually, I get the CSRF error again.
    Both apps work with a fresh install of nextcloud but on our existing one it just refuses to work with the same credentials.

Steps to replicate it (hint: details matter!):

  1. Install Talk / BigBlueButton App

  2. Set BBB URL and Secret / configure Nextcloud Talk HPB

  3. Try to create room in BBB / start a call in Talk

  4. Errors appear

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

https://paste.scrunkly.cat/raw/eel-rat-squid

(this is the only error message I can see in “Logging”

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

<See above - Summary of the issue you are facing>

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

https://paste.scrunkly.cat/upload/bat-fish-goat

Tips for increasing the likelihood of a response

  • Use the preformatted text formatting option in the editor for all log entries and configuration output.
  • If screenshots are useful, feel free to include them.
    • If possible, also include key error output in text form so it can be searched for.
  • Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.
2

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.