The Basics
- 30.0.5
replace me
- Operating system and version (e.g., Ubuntu 24.04):
- Ubuntu 24.04
- Web server and version (e.g, Apache 2.4.25):
- Apache/2.4.58 (Ubuntu)
- Reverse proxy and version _(e.g. nginx 1.27.2)
- NGINX Proxy Manager
- PHP version (e.g, 8.3):
- 8.2.27
- Is this the first time you’ve seen this error? (Yes / No):
- yes
- When did this problem seem to first start?
- a few days ago
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
- Bare Metal
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
- Crowdsec
Summary of the issue you are facing:
Whenever I log into my Desktop Fedora PC (F41) and open the Nextcloud on Firefox I’ll find a "Tried to log in but could not verify token " information in the logs. It repeats every 12 mins as long as Firefox is open. Same issue happens sometimes on the mobile version of Firefox, too, but the log is spammed with two dozens of “informations” in a few seconds and nothing thereafter.
But I can use Nextcloud normally, no issues there. I’m not disconnected or anything.
No issues on Firefox Ubuntu 24.10 though.
Steps to replicate it (hint: details matter!):
- Open into Firefox, Fedora rpm 134.0.2
- Log into nextcloud
Log entries
Nextcloud
{"reqId":"xbHyXEk5OGD0YB8x8SQP","level":1,"time":"2025-02-02T10:36:14+00:00","remoteAddr":"88.xxx.xxx.xxx","user":"--","app":"core","method":"GET","url":"/index.php/csrftoken","message":"Tried to log in but could not verify token","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36.0 (KHTML, like Gecko) Chrome/130.0.6723.118 Safari/537.36.0","version":"30.0.5.1","data":{"app":"core","user":"xxx"},"id":"679f4cf597091"
Configuration
Nextcloud
The output of occ config:list system
or similar is best, but, if not possible, the contents of your config.php
file from /path/to/nextcloud
is fine (make sure to remove any identifiable information!):
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"memcache.locking": "\\OC\\Memcache\\Redis",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "30.0.5.1",
"overwrite.cli.url": "https:\/\/192.168.1.246",
"overwriteprotocol": "https",
"overwritewebroot": "",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"memcache.local": "\\OC\\Memcache\\APCu",
"default_phone_region": "DE",
"mail_smtpmode": "smtp",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_sendmailmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"mail_smtpsecure": "ssl",
"mail_smtpport": "465",
"maintenance": false,
"loglevel": 1,
"theme": "",
"maintenance_window_start": 1,
"app_install_overwrite": [
"documentserver_community",
"news",
"backup",
"spreed",
"files_rightclick"
],
"log.condition": {
"apps": [
"admin_audit"
]
}
}
}
Apps
The output of occ app:list
(if possible).
Enabled:
- activity: 3.0.0
- admin_audit: 1.20.0
- app_api: 4.0.5
- assistant: 2.3.0
- bruteforcesettings: 3.0.0
- calendar: 5.0.9
- circles: 30.0.0
- cloud_federation_api: 1.13.0
- comments: 1.20.1
- contacts: 6.1.3
- contactsinteraction: 1.11.0
- dashboard: 7.10.0
- dav: 1.31.1
- federatedfilesharing: 1.20.0
- federation: 1.20.0
- files: 2.2.0
- files_downloadlimit: 3.0.0
- files_external: 1.22.0
- files_pdfviewer: 3.0.0
- files_reminders: 1.3.0
- files_sharing: 1.22.0
- files_trashbin: 1.20.1
- files_versions: 1.23.0
- firstrunwizard: 3.0.0
- gpoddersync: 3.11.0
- integration_openai: 3.4.0
- logreader: 3.0.0
- lookup_server_connector: 1.18.0
- maps: 1.5.0
- metadata: 0.21.0
- nextcloud_announcements: 2.0.0
- notes: 4.11.0
- notifications: 3.0.0
- oauth2: 1.18.1
- password_policy: 2.0.0
- photos: 3.0.2
- polls: 7.2.9
- privacy: 2.0.0
- provisioning_api: 1.20.0
- recognize: 8.2.0
- recommendations: 3.0.0
- related_resources: 1.5.0
- richdocuments: 8.5.3
- serverinfo: 2.0.0
- settings: 1.13.0
- sharebymail: 1.20.0
- spreed: 20.1.3
- support: 2.0.0
- survey_client: 2.0.0
- systemtags: 1.20.0
- tasks: 0.16.1
- text: 4.1.0
- theming: 2.5.0
- twofactor_backupcodes: 1.19.0
- updatenotification: 1.20.0
- user_status: 1.10.0
- viewer: 3.0.0
- weather_status: 1.10.0
- webhook_listeners: 1.1.0-dev
- workflowengine: 2.12.0
Disabled: - encryption: 2.18.0
- suspicious_login: 8.0.0 (installed 8.0.0)
- twofactor_nextcloud_notification: 4.0.0
- twofactor_totp: 12.0.0-dev
- user_ldap: 1.21.0