Features / Usability

Features / Usability

Cross site request forgery

posts: 706

I am seeing the below error message when I attempt to login to dev.tiki
I'd submit a bug report but I can't login to do so, any direction is appreciated.

Potential cross-site request forgery (CSRF) detected. Operation blocked. Reloading the page may help.

posts: 2411 Czech Republic
Hi John, did you try the "Reloading the page may help." hint?
posts: 706

I did not see the hint appear Luci, hmmm. That being said I reloaded the page anyways, just a natural step in trouble shooting login issues, and also cleared cache in my own browser and reloaded a few more times, but nothing was working yesterday.
But today I am back in without any issues.

posts: 706

Good day fatiki, I have not experienced the issue for a long time now. I ended up clearing cache on my pc, clearing cache in browsers, and things seemed to work ok.
Have you also tried different browsers?

posts: 36

Thanks John.

Yes I've tried with Firefox as well as Safari. I think I found a workaround for now:

The default login page is https://dev.tiki.org/login but if I get the error, the resulting page is https://dev.tiki.org/tiki-login.php .

I know the message says then to reload the page but if I do that it does nothing for me and I stay on the same page with the error.

But if I force the same page to reload (meaning, instead of pressing F5 I go to the URL field and hit enter), then it seems to work.

posts: 36
Test post to see if some Forum functionality works, pls. disregard. Thanks.
posts: 36

Hi Xavier,

Incidentally, this happened a couple of times on my Tiki test site too (it's on a localhost).

It's not a big deal since there is a workaround which works well (meaning, it works every time I have tried it) but it's always useful to know whether other people experience the same, and how many.

posts: 36
Thanks Luciash, good to know!