Forbidden: You don't have the permission to access the requested resource. It is either read-protected or not readable by the server

Can someone help me troubleshoot this? I’m trying to get an HA version of CTFd set up behind an ALB using ECS, RDS, and Elasticache in AWS. I have ALB, ECS, and RDS configured, but I’m getting the error in the subject:

Forbidden

You don’t have the permission to access the requested resource. It is either read-protected or not readable by the server.

Any help is appreciated, thanks!
Alex

Typically this error (a 403 Forbidden) is a CSRF issue in CTFd. It generally means that you aren’t sending the right CSRF nonce or not sending one at all.

I would look into whether all CTFd servers/workers are using the same cache and whether or not you’re even sending a nonce.

Can you clarify this a little more for me? FWIW the cache isn’t the same as I don’t have elasticache configured yet. I basically just wanted to add the HA pieces bit by bit to confirm they’re working. If I need to configure elasticache for this to work that’s fine, but I wanted to understand why that’s the case.

What’s CSRF, and what’s a nonce?

Thanks,
Alex

Here is a relevant GitHub issue for you: https://github.com/CTFd/CTFd/issues/1407.
Here’s the Wikipedia article on CSRF: https://en.wikipedia.org/wiki/Cross-site_request_forgery

It is currently important that all CTFd workers use the same cache (generally Redis). If workers are all pointing to different caches then users will not be able to authenticate to another CTFd worker because they will store the user’s session in different locations.
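As an added illustration (a constructed simulation, not CTFd's own code) of the point above: a nonce-based CSRF check is looked up in the server-side session, so when two workers behind a round-robin load balancer keep separate session stores the POST lands on a worker that has never seen the session and answers 403, while a shared store makes the same sequence succeed. Worker and load-balancer names are hypothetical.

```python
import itertools
import secrets


class Worker:
    """One app worker; `sessions` is its session store (dict: session_id -> data)."""

    def __init__(self, name, sessions):
        self.name = name
        self.sessions = sessions

    def render_form(self, session_id):
        """GET: create the session if needed and hand the client a CSRF nonce."""
        sess = self.sessions.setdefault(session_id, {})
        sess.setdefault("nonce", secrets.token_hex(16))
        return sess["nonce"]

    def submit_form(self, session_id, nonce):
        """POST: 403 unless the nonce matches the one in *this worker's* store."""
        sess = self.sessions.get(session_id)
        if sess is None or sess.get("nonce") != nonce:
            return 403
        return 200


class LoadBalancer:
    """Round-robin routing, like an ALB without sticky sessions."""

    def __init__(self, workers):
        self._rr = itertools.cycle(workers)

    def route(self):
        return next(self._rr)


def simulate(shared_cache, pairs=4):
    """Return the status of each POST in a sequence of GET/POST pairs."""
    if shared_cache:
        store = {}  # one Redis-like store used by every worker
        workers = [Worker("w1", store), Worker("w2", store)]
    else:
        workers = [Worker("w1", {}), Worker("w2", {})]  # per-worker stores
    lb = LoadBalancer(workers)
    session_id = "sid-" + secrets.token_hex(4)  # constructed session id
    results = []
    for _ in range(pairs):
        nonce = lb.route().render_form(session_id)           # GET hits one worker
        results.append(lb.route().submit_form(session_id, nonce))  # POST hits the next
    return results


if __name__ == "__main__":
    print("shared cache:     ", simulate(shared_cache=True))
    print("per-worker caches:", simulate(shared_cache=False))
```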

That’s helpful, thank you!

I have redis set up, but now my containers are exiting with this error: [image attachment]

Ah, the stack trace is actually much larger than I thought originally.

Here’s the ending part of that stack trace:

Issue is likely Redis cluster related: https://github.com/CTFd/CTFd/issues/1303

Trying to see if I turn off Elasticache cluster mode this works.

Cluster mode was the issue! Thanks for the help @ColdHeat!