Grav in Nginx: 403 Forbidden, Oops invalid security token

[Sqoon]

Hello, I recently manually installed Gantry onto Grav, Gantry themes work fine, although changing anything within the Appearance admin tabs yields a "403 Forbidden, Oops invalid security token".

I am not sure if I am overlooking something simple.
Any help would be much appreciated, thank you.

[w00fz]

Are you running the latest grav and grav admin?

[Sqoon]

Yes, freshly installed and updated.

[w00fz]

Hmmm, I cannot reproduce this issue. Have you tried clearing all cache and logging out and in again?

[kat05]

I am also not able to replicate the issue.

[hexplor]

been testing grav a lot recently, never experienced this issue :(

[Sqoon]

Still occurs after clearing cache and logging out.

It might have something to do with firewall or htaccess but I'm still super lost.
I'm using Ubuntu 16.

Maybe I need to set permissions somewhere, but again I'm still lost.

[w00fz]

Can you let us know the steps you perform to get to the issue?

I'm assuming you go in admin, have Helium/Hydrogen enabled as themes, go in Appearance, make some changes like background colors and such, click Save and get the error. Is that correct?

[Sqoon]

That's correct. Anything I want to save or change in the appearance tab, just gives me a 403 error. So I basically can't change anything with the theme. It also gives me this error with other Gantry related themes.

[w00fz]

Which other Gantry related themes?
Perhaps you can send me your site and admin account in private on https://gitter.im/w00fz

[mahagr]

I've seen this issue happening many, many times before. Try disabling mod_security if it helps. Later you can re-enable it, but there are some rules (which I need to dig up) which need to be disabled.

[mahagr]

Actually.. What does the error look like? Might be something else.

[Sqoon]

Well, W00fz helped me a bit, and I figured out that I might have Nginx configured incorrectly.

I'm going to take a day to reconfigure it, and I will report back tomorrow to see if everything was fixed correctly. Thank you all for the help.

I'll be back tomorrow and let everyone know if it gets fixed.

[mahagr]

@Sqoon Did you manage to fix your issue?

[mahagr]

We are not yet sure why this happens for some users. If possible, please join us in https://gitter.im/gantry/gantry5 so that I can look into your site.

[flaviocopes]

Related: getgrav/grav-plugin-admin#893 (comment)

[mahagr]

@Sqoon Above link may help you to fix the issue ^

[mahagr]

Please update nginx.conf:

    location / {
        try_files $uri $uri/ /index.php?_url=$uri&$query_string;
    }

[beedzei]

I have updated nginx.conf with suggested location fix but still same 403 error - on the latest Grav + admin, Gantry 5 and Helium and all on 16.04

[beedzei]

PS. Solved - needed to be edited in sites-available/grav, not in main nginx.conf.

[samwalls]

And, in case you're using Caddy, the equivalent rewrite rule:

rewrite {
    to  {path} {path}/ /index.php?_url={uri}&{query}
}