Server got invalid CSRF token

I am getting this error in the cli-log

2022-11-04T13:24:16.456143Z WARN kopia/server got invalid CSRF token for /api/v1/tasks/15/logs: f547c43cf305f56ef1cf35c345abe4faf5f390fa20b9bea89ca0754146552b24, want e083eb2f3e4db61ab46587866e34081a1711e8adc9dd3d5449e41a5913ebd017, session 6cd1e736-d6cf-439b-91fa-881851833667

And kopia has stopped writing logs in the content-logs folder. Is this related? How can I fix it?

Does kopia have a system to auto-rotate the logs?

I am using docker

I "fixed" it with this parameter "--disable-csrf-token-checks". Is it OK, or is it bad?

On the other hand as I said the docker is not writing logs anymore.

docker run \
-d \
--name='Kopia' \
--net='br1' \
--ip='10.10.40.31' \
--cpuset-cpus='8,9,10,11,20,21,22,23' \
-e TZ="Europe/Paris" \
-e HOST_OS="Unraid" \
-e HOST_HOSTNAME="Unraid" \
-e HOST_CONTAINERNAME="Kopia" \
-e 'KOPIA_PASSWORD'='test' \
-e 'TCP_PORT_51515'='51515' \
-e 'TZ'='Europe/Madrid' \
-l net.unraid.docker.managed=dockerman \
-l net.unraid.docker.webui='http://[IP]:[PORT:51515]' \
-l net.unraid.docker.icon='https://avatars.githubusercontent.com/u/82682015?s=40&v=4' \
-v '/mnt/user/Docker/Kopia/config':'/app/config':'rw' \
-v '/mnt/user/Docker/Kopia/cache':'/app/cache':'rw' \
-v '/mnt/user/Docker/Kopia/logs/cli-logs/':'/app/logs/cli-logs':'rw' \
-v '/mnt/user/':'/app/data':'rw' \
-v '/mnt/user/Docker/Kopia/logs/content-logs/':'/app/logs/content-logs':'rw' \
--dns=10.10.50.5 'kopia/kopia' server \
--insecure \
--htpasswd-file /app/config/.htpasswd \
--address 10.10.40.31:51515 \
--server-username=admin \
--disable-csrf-token-checks

507ff4f5a7bf7dcb91465a42a71a7de33cacb381248e5d52141bde517011a11a

The command finished successfully!

I deleted the folders and now they were recreated with logs, or at least I ran a log cleanup command and new logs were written. But if I run a snapshot, nothing is updated in the content-logs folder. Is this normal? Where can I find a log with the result of a snapshot?

Can anyone please tell me how I can get the output of a backup written to a log, in order to understand whether it was successful or not?
I am using the docker version

Disabling CSRF token checks reduces security and should be avoided, as it opens up your server to CSRF attack, which is a very common class of attacks on the Internet and can be used for data exfiltration and manipulation by using the session cookie of a logged-in user.

See Cross-site request forgery - Wikipedia

Basically an attacker who can guess that:

a) you have a Kopia server running on some host:port
b) you have previously logged into that server in a browser and a cookie is still valid

Without CSRF token protection, if an attacker who knows a) and b) can trick you into visiting their malicious web page (say attacker.com), that page can issue HTTP POST requests to the Kopia server and do damage. I don't want to give a complete playbook for this kind of attack, but that's quite a real possibility given that Kopia exposes an API that can be triggered this way. So DO NOT disable CSRF tokens except for a very narrow set of cases where you develop Kopia UI itself.

A CSRF token is generated every time the server starts. To fix the issue simply refresh the web page (F5 on Windows, Command-R on a Mac), which will cause the client to pick up the newly generated session secret.

Alternatively, to ensure the client survives a server restart, pass some fixed random string via the --auth-cookie-signing-key flag or the KOPIA_AUTH_COOKIE_SIGNING_KEY environment variable.

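To make the two points in the answer above concrete (why a stale browser tab fails after a restart and a refresh or a fixed signing key fixes it, and why the token check is what stops a cross-origin request that already carries the session cookie), here is an added illustrative model. It is not Kopia's code: the HMAC-over-session-id derivation, the `CsrfServer` class and the `SESSION_ID` value are assumptions chosen to reproduce the behaviour the answer describes, and the log-style message only mimics the shape of the cli-log line.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample session id, same UUID shape as the one in the cli-log line above.
SESSION_ID = "00000000-0000-4000-8000-000000000001"


class CsrfServer:
    """Illustrative model (assumption, not Kopia's implementation): the per-session CSRF
    token is an HMAC over the session id under a server-side signing key."""

    def __init__(self, signing_key: Optional[bytes] = None, disable_csrf_checks: bool = False):
        # No fixed key configured: a fresh random secret at every start, so tokens handed
        # to browsers before a restart no longer validate (the behaviour seen in the log).
        self.signing_key = signing_key if signing_key is not None else secrets.token_bytes(32)
        self.disable_csrf_checks = disable_csrf_checks

    def token_for(self, session_id: str) -> str:
        """Token the UI receives when the page loads (the 'want' value in the log line)."""
        return hmac.new(self.signing_key, session_id.encode(), hashlib.sha256).hexdigest()

    def handle_post(self, session_id: str, presented_token: Optional[str]) -> str:
        """Validate a state-changing request; returns 'ok' or a warning in the cli-log's shape."""
        if self.disable_csrf_checks:
            return "ok"  # --disable-csrf-token-checks: the session cookie alone is trusted
        want = self.token_for(session_id)
        got = presented_token or ""
        if not hmac.compare_digest(got, want):
            return (f"got invalid CSRF token for /api/v1/tasks: {got or '<none>'}, "
                    f"want {want}, session {session_id}")
        return "ok"


def restart_scenario(fixed_key: Optional[bytes] = None) -> Tuple[bool, bool]:
    """Returns (stale tab accepted after restart?, refreshed tab accepted after restart?)."""
    before = CsrfServer(fixed_key)
    cached_token = before.token_for(SESSION_ID)  # browser loaded the UI and cached the token

    after = CsrfServer(fixed_key)                 # container restarted; same session cookie
    stale_ok = after.handle_post(SESSION_ID, cached_token) == "ok"                 # no F5 yet
    refreshed_ok = after.handle_post(SESSION_ID, after.token_for(SESSION_ID)) == "ok"  # after F5
    return stale_ok, refreshed_ok


def cross_site_post_accepted(disable_csrf_checks: bool) -> bool:
    """A request from another origin rides on the session cookie but never sees the token."""
    server = CsrfServer(disable_csrf_checks=disable_csrf_checks)
    server.token_for(SESSION_ID)  # the legitimate UI holds the token; other origins do not
    return server.handle_post(SESSION_ID, None) == "ok"


if __name__ == "__main__":
    print("random key per start  :", restart_scenario())
    print("fixed signing key     :", restart_scenario(b"example-fixed-key"))
    print("cross-site, checks on :", cross_site_post_accepted(False))
    print("cross-site, checks off:", cross_site_post_accepted(True))
```

With a random per-start key the stale tab is rejected and only the refreshed tab passes; with a fixed key (the `--auth-cookie-signing-key` / `KOPIA_AUTH_COOKIE_SIGNING_KEY` case) both pass. The cross-site case shows what the flag in the docker command above gives up: with checks on, a cookie-bearing request without the token is refused; with checks off, it is accepted.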