@Findus23 opened this Issue on March 12th 2019 Member

#12208 improved the security of Matomo sessions, but it also seems to have caused some (broken) environments that formerly worked to fail with the Form security failed error.

At the moment the error mentions four suggestions:

  • Please reload the form
  • and check that your cookies are enabled.
  • If you use a proxy server, you must configure Matomo to accept the proxy header that forwards the Host header.
  • Also, check that your Referrer header is sent correctly.

But there seem to be more reasons that can cause this bug:

https://forum.matomo.org/t/cant-login-after-fresh-and-successfull-install-behind-proxy-3-8-1/32006
(reverse proxy blocked the cookie header)
https://forum.matomo.org/t/cannot-login-after-3-7-to-3-8-1-update/31969?u=lukas

I do have a reverse proxy (haproxy) as well as a cache layer (varnish) before apache 2.4, with remoteip module enabled.

https://forum.matomo.org/t/update-to-3-8-0-problems/31336/10?u=lukas

https://forum.matomo.org/t/2-problems-with-matomo/31434/9?u=lukas

Unfortunately it is hard to know what exactly is causing the issue in the latter cases, so maybe just a FAQ that lists common reason could already help.

@mattab commented on July 9th 2019 Member

@Findus23 a new FAQ sounds good :+1: Could you maybe suggest a question and answer text for this?

(then we could maybe add a brief link to this new faq in the error message).

Powered by GitHub Issue Mirror