
CSRF Token Error raising its head again



#1 eugeneb

eugeneb

    Advanced Member

  • Members
  • 317 posts
  • Location: Centurion, South Africa

Posted 07 November 2018 - 04:28 AM

Hi guys,

This is an inconsistent error we have been getting when using forms for the last two years. One of my clients at least informed me of this bug with a screenshot.

When loading a form, X2 gives this CSRF token error. Any idea how to solve this?

The problem is mainly that if you use forms and new clients find this error, we won't even know, as they will simply not use the form. The fix seems simple enough, refreshing the screen, but you can't inform a new prospect of this.

Please help.

Attached Thumbnails

  • Screen Shot 2018-11-06 at 4.57.49 PM.png


#2 X2Peter

X2Peter

    Advanced Member

  • Administrators
  • 57 posts

Posted 07 November 2018 - 01:16 PM

Hello Eugene,

I believe this error should only occur when making a POST request back to the CRM. Are you positive this is happening during load and not after submission? Also, can you show me the contents of your protected/components/X2HttpRequest.php file? I believe there should be a whitelist of web requests where CSRF is not required, and that list should be contained in protected/components/X2HttpRequest.php.



#3 eugeneb


Posted 08 November 2018 - 06:39 AM

Hi Peter,

It happens sometimes by just loading and displaying the form and sometimes after Submit. On the first option, if I refresh the page then it loads the form.

Last year via email, Raymond had a long discussion with me and the discussion was around creating a CNAME record for my domain. But my domains were set up correctly.

I hope you can maybe find another area to check, as this has happened on numerous occasions with clients also. I think people refresh naturally and don't realise it's a bug.

Attached Files



#4 X2Peter


Posted 13 November 2018 - 10:07 AM

This is strange. I believe we have run into issues with Safari browser users and are currently designing a fix. Would you happen to know which browsers these leads may have been using? Regardless, we are currently testing web forms with different browsers to replicate the issue. I will keep this thread updated with our results.



#5 X2Peter


Posted 13 November 2018 - 04:08 PM

I believe we have resolved the issue. From what we could replicate, it appears that the request which was coming in from the web lead form requested a different path than what the CSRF filter was trying to match. I have attached a new version of the X2HttpRequest.php to this post. Please back up your current version, then replace it. Also, please test the web leads immediately afterwards.

Let me know if you still run into the CSRF issues.

Attached Files
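An added example, not part of the thread and not the attached X2HttpRequest.php or any X2CRM code: one way a CSRF exemption list can match every spelling of a form endpoint's path without also exempting neighbouring routes. The route `contacts/weblead`, the `/crm` install directory and both function names are assumptions made for illustration.

```php
<?php
// Added illustration only; this is not X2CRM's X2HttpRequest.php.
// The route 'contacts/weblead' and the '/crm' install directory are assumed.

/** Reduce a request URI to a bare route such as "contacts/weblead". */
function canonicalRoute(string $requestUri, string $baseUrl = ''): string
{
    // Match on the path only; the query string never takes part.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return '';
    }
    $path = rawurldecode($path);
    // Reject dot segments and backslashes rather than resolving them.
    if (preg_match('#(^|/)\.\.?(/|$)|\\\\#', $path)) {
        return '';
    }
    $path = preg_replace('#/+#', '/', $path);
    // Drop the install directory, then the entry script, if present.
    foreach ([$baseUrl, '/index.php'] as $prefix) {
        if ($prefix !== '' && strpos($path, $prefix . '/') === 0) {
            $path = substr($path, strlen($prefix));
        }
    }
    return trim($path, '/');
}

/** Exempt only on an exact route match; anything else needs a token. */
function isCsrfExempt(string $requestUri, array $exemptRoutes, string $baseUrl = ''): bool
{
    $route = canonicalRoute($requestUri, $baseUrl);
    return $route !== '' && in_array($route, $exemptRoutes, true);
}

// Constructed sample URIs: several spellings of one form endpoint, then
// two near misses that must still require a token.
$samples = [
    '/crm/index.php/contacts/weblead',
    '/crm/index.php/contacts/weblead/',
    '/crm/contacts/weblead?fingerprint=1',
    '/crm/index.php/contacts/webleadExport',
    '/crm/index.php/contacts/weblead/../../admin/index',
];
foreach ($samples as $uri) {
    $verdict = isCsrfExempt($uri, ['contacts/weblead'], '/crm') ? 'exempt' : 'token required';
    printf("%-52s %s\n", $uri, $verdict);
}
```

Comparing the raw URI against a single spelling would pass or fail depending on how the form happened to be requested; matching exactly after canonicalisation, rather than by prefix or substring, keeps the exemption from spreading to other routes.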



#6 eugeneb


Posted 13 November 2018 - 11:47 PM

Thanks Peter,

I will test the solution. Just FYI, we use Chrome but have found the issue on all browsers; with clients who have reported this I always check, and Chrome seems to be the biggest culprit.

Thanks





