GitLab 6.5 and Secure Cookies

Gitlab 6.5 was released earlier this week so naturally it was time to upgrade  my dev box. But things broke. I could authenticate fine but got redirected back to the login page. Also, in the production.log it spit out:


Started POST "/users/sign_in" for 1.x.x.x at 2014-01-22 11:11:58 -0500
Processing by Devise::SessionsController#create as HTML Parameters: {"utf8"=>"?", "authenticity_token"=>"xbiFykHUXkuaHYRTbrAzXh7GU8yDw2tofqE82MHFGiY=", "user"=>{"login"=>"myself", "password"=>"[FILTERED]", "remember_me"=>"1"}}
Can't verify CSRF token authenticity
Redirected to http://myserver/
Completed 302 Found in 130ms (ActiveRecord: 1.8ms)
Started GET "/" for 1.x.x.x at 2014-01-22 11:11:59 -0500
Processing by DashboardController#show as HTML
Completed 401 Unauthorized in 2ms
Started GET "/users/sign_in" for 1.x.x.x at 2014-01-22 11:11:59 -0500

I wasn’t the only one to encounter it. And with some help I found the problem and how to fix it. And then the Gitlab folks tweeted it!

it’s nice to be noticed!

TL;DR – Make sure your apache conf is current with the new gitlab-recipe.

Billy-Madison-I-am-the-smartest-man-alive

Leave a Reply