Skip to content
GitLab
Next
    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn
  • Pricing
  • Talk to an expert
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    Projects Groups Snippets
  • Register
  • Sign in
  • omnibus-gitlab omnibus-gitlab
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 1,107
    • Issues 1,107
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 82
    • Merge requests 82
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Code review
    • Insights
    • Issue
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • GitLab.orgGitLab.org
  • omnibus-gitlabomnibus-gitlab
  • Issues
  • #331
Closed
Open
Issue created Nov 10, 2014 by Udo@jampy81

"external_url" setting causes "The change you wanted was rejected." on fresh install

I posted this on GitHub also, but I guess I should have posted it here. Please let me know the right place for this issue

Since I was having trouble setting up LDAP login for GitLab I decided to completely reinstall it from scratch.

This is on Debian 7.7 with the GitLab Omnibus package.

I did gitlab-ctl cleanse, dpkg -P gitlab, even some rm -rf /opt/gitlab etc. for all files I could find with "gitlab" in it's name and then reinstalled using dpkg -i gitlab_7.4.3-omnibus.5.1.0.ci-1_amd64.deb.

Gitlab works somehow, but only if I don't specify a HTTPS external_url 'https://xxxxx.domain.com'.

If I do that, I always get error screens like the following when using forms (like the Sign In form):

422
The change you wanted was rejected.
Maybe you tried to change something you didn't have access to.

I learned that this is related to some anti-CSRF mechanism in Ruby, since in /var/log/gitlab/gitlab-rails/production.log I see these errors:

Started POST "/users/sign_in" for 188.9.177.98 at 2014-11-08 15:40:59 +0100
Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"++YH/fm12Ao7yNJubHA7J+ly24HY29l97FVqUIO9q8o=", "user"=>{"login"=>"fooo", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 3ms

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:176:in `handle_unverified_request'
  actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:202:in `handle_unverified_request'
  devise (3.2.4) lib/devise/controllers/helpers.rb:182:in `handle_unverified_request'
  actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:197:in `verify_authenticity_token'
  activesupport (4.1.1) lib/active_support/callbacks.rb:424:in `block in make_lambda'
  activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `call'
  activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `block in halting'
  activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `call'
.......

Without the external_url setting GitLab forms work well, but obviously GitLab is using the wrong URL (based on the server host name).

Note that I'm not using Nginx (setting nginx['enable'] = false) but instead use Apache with reverse proxy to localhost:8080. As said, GitLab is accessed via a HTTPS URL.

What should I do?

Assignee
Assign to
Time tracking