Missing CSRF token when terminating a workflow on Temporal UI

First of all, I serve Temporal UI under a sub path, following the directions here:

It works fine for the viewing part. But when I tried to terminate a workflow, the operation failed with a message:
“missing csrf token in request header”.

I’ve submitted an issue to ui-server project:

But still I want to know if there is a quick workaround.

hi @whitecrow

Thank you, I am not able to reproduce this.

I have created the docker image:

docker build --build-arg TEMPORAL_PUBLIC_PATH=/custom-path -t temporal-ui-public-path .

And to run temporal with this UI I have changed the temporal-ui from this docker compose

  temporal-ui:
    container_name: temporal-ui
    depends_on:
      - temporal
    environment:
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_CORS_ORIGINS=http://localhost:3000
      - TEMPORAL_PUBLIC_PATH=/custom-path
    image: temporal-ui-public-path
    networks:
      - temporal-network
    ports:
      - 8080:8080

Terminating workflows from the UI works for me.

How are you starting the UI?

I see that there is an open issue in the UI repo related to terminating workflows, but the error message is different. Do you think it could be related? An error occurred while terminating workflow · Issue #793 · temporalio/ui · GitHub

I deploy Temporal server & UI on k8s, too.
Here is my deployment YAML config:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: temporal-web-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: temporal-web
  template:
    metadata:
      labels:
        app: temporal-web
    spec:
      containers:
        - name: temporal-web
          image: my-temporal-ui-image:2.8.x
          env:
            - name: LANG
              value: "en_US.UTF-8"
            - name: TEMPORAL_ADDRESS
              value: temporal-server:7233
            - name: TEMPORAL_CORS_ORIGINS
              value: http://localhost:3000
            - name: TEMPORAL_PUBLIC_PATH
              value: /svc-temporal-web
          ports:
            - containerPort: 8080
          resources:
            requests:
              cpu: 500m

@antonio.perez
Is there any relation to the ENV config TEMPORAL_CORS_ORIGINS?
I just found it worked fine if I visit my UI through localhost instead of a public IP.

Not sure about that. Let me ask internally!

Hi @whitecrow,

You have to set TEMPORAL_CORS_ORIGINS to the same URL that you will be terminating from. (I guess the public IP)

Let me know if it works.

@antonio.perez
I tried but it did not work.
The official image works fine with TEMPORAL_CORS_ORIGINS unchanged. So I think this problem is related to the subpath mechanism.

+1

Solved now?

@jackban is this the same question? Missing csrf token in request header

Solution 1: Add TEMPORAL_CSRF_COOKIE_INSECURE:True to the environment section of your docker-compose file. It works for me.

Solution 2: try adding this line in your code before starting workflow execution:
await client.get_workflow_handle(WORKFLOW_ID).terminate()

cors:
  cookieInsecure: true

Works for me.
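
Added example (not from the thread or from the Temporal project): a small check for the localhost-versus-public-IP behaviour reported above. It assumes the UI server marks its CSRF cookie `Secure` unless TEMPORAL_CSRF_COOKIE_INSECURE / cookieInsecure is set, and that the browser accepts `Secure` cookies over plain HTTP only from loopback hosts. The cookie name `_csrf`, the sample Set-Cookie headers and the addresses are constructed.

```python
import ipaddress
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

CSRF_COOKIE = "_csrf"  # assumed cookie name; use the one your UI actually sets

# Constructed sample Set-Cookie values (not captured from a real server).
SECURE_HEADER = "_csrf=constructed-token; Path=/; Secure; SameSite=Strict"
INSECURE_HEADER = "_csrf=constructed-token; Path=/; SameSite=Strict"


def is_loopback(host: str) -> bool:
    """True for localhost names and loopback IP literals (127.0.0.0/8, ::1)."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name


def csrf_cookie_status(set_cookie: str, ui_url: str) -> str:
    """Classify what happens to the CSRF cookie when the UI is opened at ui_url."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if CSRF_COOKIE not in jar:
        return "no-csrf-cookie"
    secure = bool(jar[CSRF_COOKIE]["secure"])
    url = urlsplit(ui_url)
    if url.scheme == "https":
        return "ok" if secure else "ok-but-cookie-not-secure"
    if not secure:
        # Result of cookieInsecure: the request works, but the CSRF token
        # now travels over plain HTTP where it can be read or replaced.
        return "works-insecure"
    if is_loopback(url.hostname or ""):
        return "ok-loopback-exception"
    # Secure cookie on a plain-HTTP, non-loopback origin: the browser discards
    # it, so the UI has no token to echo back in the request header.
    return "dropped"


if __name__ == "__main__":
    for u in ("http://localhost:8080/svc-temporal-web",
              "http://203.0.113.10:8080/svc-temporal-web",
              "https://temporal.example.com/svc-temporal-web"):
        print(u, "->", csrf_cookie_status(SECURE_HEADER, u))
```

A `dropped` result for a plain-HTTP public address matches the symptom in this thread. Serving the UI over HTTPS gives `ok` with the `Secure` flag kept, whereas the insecure-cookie setting only moves the result to `works-insecure`.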