All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Website monitoring - CSRF validation failed- How can I fix?

lubosjacko
Engager
‎12-08-2022 03:25 PM

Hi,

does anyone has experience with website monitoring app 
I am facing issue with adding inputs, especially if input (check) requires HTTP Authentication.
error is : " 401 Splunk cannot authenticate the request. CSRF validation failed "

 

 

Request URL: https://xxxx:8443/en-US/splunkd/__raw/services/storage/passwords?output_mode=json
Request Method: POST
Status Code: 401 Splunk cannot authenticate the request. CSRF validation failed.
Remote Address: 10.217.11.78:8443
Referrer Policy: no-referrer

 

 

I find out that request is missing one header parameter X-Splunk-Form-Key
requestURL: en-US/splunkd/__raw/services/storage/passwords?output_mode=json

request header:

 

Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,sk;q=0.7
Connection: keep-alive
Content-Length: 61
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: mintjs%3Auuid=02ced06b-7ec3-40e2-8e0b-91040e343001; built_by_tabuilder=yes; ta_builder_current_ta_name=TA-splunk-backup; ta_builder_current_ta_display_name=Splunk%20backup; splunkweb_csrf_token_8443=1505950XXXXXXXXXXX; session_id_8443=6e995a2d52b3a34ade550aafff50XXXXXXXXXXX; splunkd_8443=OUucWpZKKsQtgnedQ98lJ5VRCosW7HAdUh6fia3B^Q^D9HofK5tn11AwTAEiKXhzUL_HPsAiG91v8evtXcVri9MYUmXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0fCIm84az_izL
Host: xxxx:8443
Origin: https://xxxx:8443
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108", "Google Chrome";v="108"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest

 

 

Response header : 

 

Connection: Keep-Alive
Content-Length: 104
Content-Type: application/json; charset=UTF-8
Date: Thu, 08 Dec 2022 23:06:45 GMT
Server: Splunkd
Vary: Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

 

 

Any idea why is this parameter missing? 
Splunk runs on linux 
I tried : clear cache, incognito window,

Labels (2)
Labels
0 Karma
Reply

Gr0und_Z3r0
Contributor
‎03-23-2023 06:27 AM

I was able to resolve these issues by clearing browser cache and cookies while testing some input configurations for Salesforce Streaming add-on. 

0 Karma
Reply

tomassplunk
New Member
‎03-21-2023 11:58 AM

Hi. Any solution to this, i have the same issue get this in the log.

 ERROR UiAuth [ TcpChannelThread] - Request from /en-US/splunkd/__raw/services/storage/passwords?output_mode=json" failed CSRF validation -- expected key "[REDACTED]3146" and header had key ""

0 Karma
Reply

kcooper
Communicator
‎05-04-2023 08:48 AM

Me too

 

Any fixes for this? 

 

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...