FreeNAS 9.3 CSRF Issue

I love FreeNAS and use it at home for my own NAS needs. Recently, FreeNAS released their newest stable release, 9.3. I felt adventurous one evening and decided to upgrade. Everything seemed to work OK until one day when I went to log into the Web UI. When I discovered I had run into a FreeNAS 9.3 CSRF Issue. No matter which username and apssword I entered in, I was getting CSRF errors from Django (which FreeNAS uses for the UI.)

This left me a bit stumped until I ran across this thread on the FreeNAS forums. I need to reconfigure my HTTPS/certs but I figured it would be helpful to pass along the (temporary) fix for anyone else having this issue. Credit for this fix goes to Ramboxman on the FreeNAS forums (thank you!)

To fix the CSRF login issue in FreeNAS, I did the following.

  1. SSH’d into FreeNAS server (I had to use the console since I disallow sudo or root access via SSH)
  2. Type vi /etc/local/rc.d/django
  3. Find the following line in the file – if [ ${webguiproto} = "https" ]; then
  4. Change that line (make sure to hit ‘i’ to enter edit mode in vi) to if [ ${webguiproto} = "https" -a ! -f /tmp/alert_invalid_ssl_nginx ]; then
  5. Exit vi (:w! and then :q)
  6. Type in the following and hit enter to restart Django /etc/local/rc.d/django restart

That is it – when you try to log in, the CSRF issue should be gone. Your issue is likely caused by the GUI sing HTTPS but the browser using HTTP. Change the FreeNAS settings, albeit if temporary, to use HTTP or HTTPS+HTTP so the problem does not reoccur.