Cross site request forgery

Features / Usability

Posted by John Morris Wed 10 Apr 2019 01:17 GMT-0000 ☆ ☆ ☆

I am seeing the below error message when I attempt to login to dev.tiki
I'd submit a bug report but I can't login to do so, any direction is appreciated.

Potential cross-site request forgery (CSRF) detected. Operation blocked. Reloading the page may help.

Users rating: 5 / 5 5 / 5 Reads: 1426

Link

Posted by luciash d' being 🧙‍♂️ Wed 10 Apr 2019 07:48 GMT-0000 ☆ ☆ ☆ Czech Republic

Hi John, did you try the "Reloading the page may help." hint?

Users rating: - / 5

Link

Posted by John Morris Wed 10 Apr 2019 12:47 GMT-0000 ☆ ☆ ☆

I did not see the hint appear Luci, hmmm. That being said I reloaded the page anyways, just a natural step in trouble shooting login issues, and also cleared cache in my own browser and reloaded a few more times, but nothing was working yesterday.
But today I am back in without any issues.

Users rating: - / 5

Link

Posted by fatiki Sun 25 Aug 2019 08:54 GMT-0000 ☆ ☆

Hi John, I had not realized there was already a post for this problem.

I am experiencing the same issue, intermittently.

https://tiki.org/forumthread72499-Intermittent-issues-logging-onto-dev-tiki-org?topics_offset=1

Are you still experiencing this?

Users rating: - / 5

Link

Posted by John Morris Sun 25 Aug 2019 15:51 GMT-0000 ☆ ☆ ☆

Good day fatiki, I have not experienced the issue for a long time now. I ended up clearing cache on my pc, clearing cache in browsers, and things seemed to work ok.
Have you also tried different browsers?

Users rating: 5 / 5 5 / 5

Link

Posted by fatiki Sun 25 Aug 2019 16:55 GMT-0000 ☆ ☆

Thanks John.

Yes I've tried with Firefox as well as Safari. I think I found a workaround for now:

The default login page is https://dev.tiki.org/login but if I get the error, the resulting page is https://dev.tiki.org/tiki-login.php .

I know the message says then to reload the page but if I do that it does nothing for me and I stay on the same page with the error.

But if I force the same page to reload (meaning, instead of pressing F5 I go to the URL field and hit enter), then it seems to work.

Users rating: - / 5

Link

Posted by fatiki Tue 27 Aug 2019 19:02 GMT-0000 ☆ ☆

Test post to see if some Forum functionality works, pls. disregard. Thanks.

Users rating: - / 5

Link

Posted by Xavier de Pedro Wed 28 Aug 2019 08:02 GMT-0000 ☆ ☆ ☆ Catalan Countries

thanks fatiki, this is an annoying issue, reported already, also with that workaround (it took me a while to figure out the same woraround weeks ago):
https://dev.tiki.org/item7038-CSRF-Error-when-trying-to-log-in-from-the-top-bar

Users rating: 5 / 5 5 / 5

Link

Posted by fatiki Wed 28 Aug 2019 11:47 GMT-0000 ☆ ☆

Hi Xavier,

Incidentally, this happened a couple of times on my Tiki test site too (it's on a localhost).

It's not a big deal since there is a workaround which works well (meaning, it works every time I have tried it) but it's always useful to know whether other people experience the same, and how many.

Users rating: - / 5

Link

Posted by luciash d' being 🧙‍♂️ Wed 28 Aug 2019 14:58 GMT-0000 ☆ ☆ ☆ Czech Republic

Seems there is a fix on the way by lindon?
https://dev.tiki.org/item7038-CSRF-Error-when-trying-to-log-in-from-the-top-bar#threadId=7314

Users rating: - / 5

Link

Posted by fatiki Wed 28 Aug 2019 16:37 GMT-0000 ☆ ☆

Thanks Luciash, good to know!

Users rating: - / 5

Link

Jump to forum:

Features / Usability

Cross site request forgery

Upcoming Events

Latest Page Changes

Why Register?

Newest Forum Posts

About Tiki

Support

Community

Get Started

Documentation

Development

Legal

Tiki Project Sites

Networks

Thread actions

Upcoming Events

Latest Page Changes

Why Register?

Newest Forum Posts

Legal