Cross site request forgery

Features / Usability

Posted by John Morris Wed 10 Apr 2019 01:17 GMT-0000 posts: 706 ☆ ☆ ☆

I am seeing the below error message when I attempt to login to dev.tiki
I'd submit a bug report but I can't login to do so, any direction is appreciated.

Potential cross-site request forgery (CSRF) detected. Operation blocked. Reloading the page may help.

Reads: 1912

Link

Posted by luciash d' being 🧙 Wed 10 Apr 2019 07:48 GMT-0000 posts: 2411 ☆ ☆ ☆ Czech Republic

Hi John, did you try the "Reloading the page may help." hint?

Link

Posted by John Morris Wed 10 Apr 2019 12:47 GMT-0000 posts: 706 ☆ ☆ ☆

I did not see the hint appear Luci, hmmm. That being said I reloaded the page anyways, just a natural step in trouble shooting login issues, and also cleared cache in my own browser and reloaded a few more times, but nothing was working yesterday.
But today I am back in without any issues.

Link

Posted by fatiki Sun 25 Aug 2019 08:54 GMT-0000 posts: 36 ☆ ☆

Hi John, I had not realized there was already a post for this problem.

I am experiencing the same issue, intermittently.

https://tiki.org/forumthread72499-Intermittent-issues-logging-onto-dev-tiki-org?topics_offset=1

Are you still experiencing this?

Link

Posted by John Morris Sun 25 Aug 2019 15:51 GMT-0000 posts: 706 ☆ ☆ ☆

Good day fatiki, I have not experienced the issue for a long time now. I ended up clearing cache on my pc, clearing cache in browsers, and things seemed to work ok.
Have you also tried different browsers?

Link

Posted by fatiki Sun 25 Aug 2019 16:55 GMT-0000 posts: 36 ☆ ☆

Thanks John.

Yes I've tried with Firefox as well as Safari. I think I found a workaround for now:

The default login page is https://dev.tiki.org/login but if I get the error, the resulting page is https://dev.tiki.org/tiki-login.php .

I know the message says then to reload the page but if I do that it does nothing for me and I stay on the same page with the error.

But if I force the same page to reload (meaning, instead of pressing F5 I go to the URL field and hit enter), then it seems to work.

Link

Posted by fatiki Tue 27 Aug 2019 19:02 GMT-0000 posts: 36 ☆ ☆

Test post to see if some Forum functionality works, pls. disregard. Thanks.

Link

Posted by Xavier de Pedro Wed 28 Aug 2019 08:02 GMT-0000 posts: 1811 ☆ ☆ ☆ Catalan Countries

thanks fatiki, this is an annoying issue, reported already, also with that workaround (it took me a while to figure out the same woraround weeks ago):
https://dev.tiki.org/item7038-CSRF-Error-when-trying-to-log-in-from-the-top-bar

Link

Posted by fatiki Wed 28 Aug 2019 11:47 GMT-0000 posts: 36 ☆ ☆

Hi Xavier,

Incidentally, this happened a couple of times on my Tiki test site too (it's on a localhost).

It's not a big deal since there is a workaround which works well (meaning, it works every time I have tried it) but it's always useful to know whether other people experience the same, and how many.

Link

Posted by luciash d' being 🧙 Wed 28 Aug 2019 14:58 GMT-0000 posts: 2411 ☆ ☆ ☆ Czech Republic

Seems there is a fix on the way by lindon?
https://dev.tiki.org/item7038-CSRF-Error-when-trying-to-log-in-from-the-top-bar#threadId=7314

Link

Posted by fatiki Wed 28 Aug 2019 16:37 GMT-0000 posts: 36 ☆ ☆

Thanks Luciash, good to know!

Link

Jump to forum:

Features / Usability

Cross site request forgery

Upcoming Events

Latest Page Changes

Menu

Newest Forum Posts

About Tiki

Support

Community

Get Started

Documentation

Development

Legal

Tiki Project Sites

Networks

Thread actions

Upcoming Events

Latest Page Changes

Menu

Newest Forum Posts

Legal