Fixing "Access forbidden State token does not match" on Nextcloud's Android client
Fri 28 May 2021 — download

I recently deployed Nextcloud, and while everything was more or less working out of the box, the Android application didn't want to let me log in at all: it kept hitting an HTTP 303 and showing me an "Access forbidden State token does not match" error.

After having had a ton of fun debugging it, here is the summary: I'm using a reverse-proxy in front of my instance, with 'overwrite.cli.url' => '' and 'overwriteprotocol' => 'https' in my Nextcloud's config/config.php, and it seems that I forgot to pass the correct™ headers through my reverse-proxy. Throwing the following lines into your nginx configuration should fix the issue:

location / {
    proxy_set_header Host              $http_host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

    # […]
}
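To audit an existing nginx configuration for the missing headers described above, here is an added example (not part of the original post) that reports, for every block containing `proxy_pass`, which of the four headers are not in effect. It models nginx's rule that `proxy_set_header` directives are inherited from the enclosing level only when the current level defines none of its own. The function names and the sample configuration are made up for illustration, and the tokenizer assumes no `#`, `;` or braces inside directive values.

```python
import re
# The four headers the post's location block sets.
REQUIRED = ("Host", "X-Real-IP", "X-Forwarded-Proto", "X-Forwarded-For")

def parse(items, name="main"):
    # Build a block tree from (text, delimiter) pairs; nested blocks recurse.
    block = {"name": name, "headers": set(), "proxied": False, "children": []}
    for text, delim in items:
        words = text.split()
        if delim == "}":
            break
        if delim == "{":
            block["children"].append(parse(items, " ".join(words)))
        elif len(words) >= 3 and words[0] == "proxy_set_header":
            block["headers"].add(words[1].lower())
        elif words and words[0] == "proxy_pass":
            block["proxied"] = True
    return block

def check(block, inherited=frozenset(), report=None):
    report = {} if report is None else report
    # Inherit from the enclosing level only when this level sets no header itself.
    effective = block["headers"] or inherited
    if block["proxied"]:
        report[block["name"]] = [h for h in REQUIRED if h.lower() not in effective]
    for child in block["children"]:
        check(child, effective, report)
    return report

def missing_forwarded_headers(conf):
    # Map each block containing proxy_pass to the required headers it lacks.
    conf = re.sub(r"#[^\n]*", "", conf)  # strip nginx comments
    return check(parse(iter(re.findall(r"([^{};]*)([{};])", conf))))

# Constructed sample configuration (addresses and paths are made up).
SAMPLE = """
server {
    proxy_set_header Host              $http_host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    location / { proxy_pass http://127.0.0.1:8080; }
    location /ws/ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_pass http://127.0.0.1:8081;
    }
}
"""
print(missing_forwarded_headers(SAMPLE))
```

In the sample, `location /` inherits all four headers from the `server` level, while `location /ws/` sets one header of its own and therefore loses the inherited ones.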