"A possible CSRF attempt was detected." error in FF, but fine in IE#

Hey there,

I get the "A possible CSRF attempt was detected. No referer was provided by the server." message when I log into the manager with FF, but when I try it with IE7 it works fine.

First thought was that the culprit must be the cache. So cleared the FF cache and the MODx cache. No change.

I then tested switching off the usual suspect add-ons (e.g. Firebug) but to no avail.

I switched the "Validate HTTP_REFERER headers?" option to NO in the config (using IE). But still no dice in FF.

Any ideas?

Did you ever sort this out? Try re-running the installer in upgrade mode after moving a clean set of files in (saving any extra snippets and moving a copy of the config file over)?

Seems to be OK for the moment. Uploaded a fresh cache file and did an upgrade install. Will let you know if anything breaks.

EDIT. And something does. When I set the click the "Don't show this warning again" in the Configuration tab, it sets the database value for system_settings to "00".

Method 1:

1. Disable your Antivirus software(ex. Nortan Internet Security)
2. Delete all cookies and refresh Internet Explorer
3. Try to login
4. If you successfuly login to Modx, Go to Tools Menu -> Select Configuration.
5. In System Configuration -> select Site.
6. In Site menu please select 'No' radio under "button Validate HTTP_REFERER headers?" and Save.
7. Enable your Antivirus software.

or
Method 2:
Set mannualy database system_settings to 0

or
Method 3:
If you want to use Yes option for "Validate HTTP_REFERER headers?". Please disable your antivirus software (Nortan Internet Security). You can work with Modx in Validate HTTP_REFERER headers mode.

Good luck.

Nihonsei

My Friend if Modx Works fine in IE, Crome etc... and only have problems in Firefox... that is the problem Firefox!!

so is just configuration.

1. Type “about:config” in the location bar, and press Enter.
2 In the filter box, type “referer” and press Enter. This should leave you with one preference, network.http.sendRefererHeader. This is probably set to 0.
3 Right click on network.http.sendRefererHeader and select “Modify”

- Just change it to 2

and thats all.
Are just some things about security in firefox...

I HOPE THAT WORKS FOR YOU TOO, MORE INFORMATION HERE:

http://www.belafontecode.com/fix-modx-csrf-error-in-firefox/

Ysanmiguel thanks for this. It worked, and is continuing to work.

Quote from: Ysanmiguel at May 05, 2010, 02:24 PM

My Friend if Modx Works fine in IE, Crome etc... and only have problems in Firefox... that is the problem Firefox!!

so is just configuration.

1. Type “about:config” in the location bar, and press Enter.
2 In the filter box, type “referer” and press Enter. This should leave you with one preference, network.http.sendRefererHeader. This is probably set to 0.
3 Right click on network.http.sendRefererHeader and select “Modify”

- Just change it to 2

and thats all.
Are just some things about security in firefox...

I HOPE THAT WORKS FOR YOU TOO, MORE INFORMATION HERE:

http://www.belafontecode.com/fix-modx-csrf-error-in-firefox/

Your Welcome my friend!!!

I am having exactly the same issue (works in IE but not firefox) but changing network.http.sendRefererHeader to 2 has no effect.

I am using Modx evo 1.0.5 and accessing from a computer running windows XP or ubuntu.