I am getting this error in cli-log
2022-11-04T13:24:16.456143Z WARN kopia/server got invalid CSRF token for /api/v1/tasks/15/logs: f547c43cf305f56ef1cf35c345abe4faf5f390fa20b9bea89ca0754146552b24, want e083eb2f3e4db61ab46587866e34081a1711e8adc9dd3d5449e41a5913ebd017, session 6cd1e736-d6cf-439b-91fa-881851833667
And kopia has stopped writing logs in the content-logs folder, is this related? How can I fix it?
Does kopia have a system to autorotate the logs?
I am using docker
I "fixed" it with this parameter "--disable-csrf-token-checks". Is it OK, or is it bad?
On the other hand as I said the docker is not writing logs anymore.
docker run
-d
--name="Kopia"
--net="br1"
--ip="10.10.40.31"
--cpuset-cpus="8,9,10,11,20,21,22,23"
-e TZ="Europe/Paris"
-e HOST_OS="Unraid"
-e HOST_HOSTNAME="Unraid"
-e HOST_CONTAINERNAME="Kopia"
-e "KOPIA_PASSWORD"="test"
-e "TCP_PORT_51515"="51515"
-e "TZ"="Europe/Madrid"
-l net.unraid.docker.managed=dockerman
-l net.unraid.docker.webui="http://[IP]:[PORT:51515]"
-l net.unraid.docker.icon="https://avatars.githubusercontent.com/u/82682015?s=40&v=4"
-v "/mnt/user/Docker/Kopia/config":"/app/config":"rw"
-v "/mnt/user/Docker/Kopia/cache":"/app/cache":"rw"
-v "/mnt/user/Docker/Kopia/logs/cli-logs/":"/app/logs/cli-logs":"rw"
-v "/mnt/user/":"/app/data":"rw"
-v "/mnt/user/Docker/Kopia/logs/content-logs/":"/app/logs/content-logs":"rw"
--dns=10.10.50.5 "kopia/kopia" server
--insecure
--htpasswd-file /app/config/.htpasswd
--address 10.10.40.31:51515
--server-username=admin
--disable-csrf-token-checks
507ff4f5a7bf7dcb91465a42a71a7de33cacb381248e5d52141bde517011a11a
The command finished successfully!
I deleted the folders and now they were created with logs, or at least I did a log cleanup command and new logs were written. But if I run a snapshot, nothing is updated in the content logs folder. Is this normal? Where can I find a log with the result of a snapshot?
Please, can anyone tell me where and how I can get the output of a backup written in a log, in order to understand if it's successful or not?
I am using the docker version
Disabling CSRF token checks reduces security and should be avoided as it opens up your server to CSRF attacks, which are a very common class of attacks on the Internet and can be used for data exfiltration and manipulation by using the session cookie of a logged-in user.
See Cross-site request forgery - Wikipedia
Basically an attacker who can guess that:
a) you have a Kopia server running on some host:port
b) you have previously logged into that server in a browser and a cookie is still valid
Without CSRF token protection, if an attacker knows a) and b) and can trick you into visiting their malicious web page (say attacker.com), that page can issue HTTP POST requests to the Kopia server and do damage. I don't want to give a complete playbook for this kind of attack, but that's quite a real possibility given that Kopia exposes an API that can be triggered this way. So DO NOT disable CSRF tokens except for a very narrow set of cases where you develop the Kopia UI itself.
A CSRF token is generated every time the server starts. To fix the issue, simply refresh the web page (F5 on Windows, Command-R on a Mac), which will cause the client to pick up the newly generated session secret.
Alternatively, to ensure the client survives a server restart, you can pass some fixed random string via the --auth-cookie-signing-key flag or the KOPIA_AUTH_COOKIE_SIGNING_KEY environment variable.
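A minimal Go model of the behaviour described in the answer above, added here as an illustration and not taken from Kopia's source: it assumes the token is an HMAC-SHA256 of the session ID under a key that is random on each start unless a fixed one is supplied. The `server` type, its methods and the sample values are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// server is a toy model, not Kopia's code: it holds only the key used to
// derive a CSRF token from a session ID.
type server struct{ key []byte }

// newServer models a start-up: with no fixed key configured, a fresh random
// key is generated, so every restart changes the expected tokens.
func newServer(fixedKey string) *server {
	if fixedKey != "" {
		return &server{key: []byte(fixedKey)}
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return &server{key: k}
}

// token returns the hex HMAC-SHA256 of the session ID under the server key.
func (s *server) token(sessionID string) string {
	m := hmac.New(sha256.New, s.key)
	m.Write([]byte(sessionID))
	return hex.EncodeToString(m.Sum(nil))
}

// check compares the token sent with a request against the expected one in
// constant time, as a state-changing API handler would before acting.
func (s *server) check(sessionID, got string) bool {
	return hmac.Equal([]byte(got), []byte(s.token(sessionID)))
}

func main() {
	const session = "constructed-session-id" // constructed sample value
	page := newServer("").token(session)     // token held by the already-loaded page
	fmt.Println("after restart, random key:", newServer("").check(session, page))
	fixed := "constructed-fixed-key" // placeholder; use a long random secret
	page = newServer(fixed).token(session)
	fmt.Println("after restart, fixed key: ", newServer(fixed).check(session, page))
	fmt.Println("request without a token:  ", newServer(fixed).check(session, ""))
}
```

The first case corresponds to the "got invalid CSRF token ... want ..." warning in the log: the page still holds a token derived before the restart. The last case shows what the check rejects when left enabled, a request that carries the session but not the token.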