Skip to content
GitLab
Next
Closed
Issue created by Udo@jampy81

"external_url" setting causes "The change you wanted was rejected." on fresh install

I posted this on GitHub also, but I guess I should have posted it here. Please let me know the right place for this issue

Since I was having trouble setting up LDAP login for GitLab I decided to completely reinstall it from scratch.

This is on Debian 7.7 with the GitLab Omnibus package.

I did gitlab-ctl cleanse, dpkg -P gitlab, even some rm -rf /opt/gitlab etc. for all files I could find with "gitlab" in it's name and then reinstalled using dpkg -i gitlab_7.4.3-omnibus.5.1.0.ci-1_amd64.deb.

Gitlab works somehow, but only if I don't specify a HTTPS external_url 'https://xxxxx.domain.com'.

If I do that, I always get error screens like the following when using forms (like the Sign In form):

422
The change you wanted was rejected.
Maybe you tried to change something you didn't have access to.

I learned that this is related to some anti-CSRF mechanism in Ruby, since in /var/log/gitlab/gitlab-rails/production.log I see these errors:

Started POST "/users/sign_in" for 188.9.177.98 at 2014-11-08 15:40:59 +0100
Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"++YH/fm12Ao7yNJubHA7J+ly24HY29l97FVqUIO9q8o=", "user"=>{"login"=>"fooo", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 3ms

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:176:in `handle_unverified_request'
  actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:202:in `handle_unverified_request'
  devise (3.2.4) lib/devise/controllers/helpers.rb:182:in `handle_unverified_request'
  actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:197:in `verify_authenticity_token'
  activesupport (4.1.1) lib/active_support/callbacks.rb:424:in `block in make_lambda'
  activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `call'
  activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `block in halting'
  activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `call'
.......

Without the external_url setting GitLab forms work well, but obviously GitLab is using the wrong URL (based on the server host name).

Note that I'm not using Nginx (setting nginx['enable'] = false) but instead use Apache with reverse proxy to localhost:8080. As said, GitLab is accessed via a HTTPS URL.

What should I do?