MODX :: A possible CSRF attempt was detected. No referer was provided by the server.

123

Michael Smull
http://www.bigpixelstudio.com

mdsdesign Reply #1, 2 years, 6 months ago

Link to this post#1

A possible CSRF attempt was detected. No referer was provided by the server.

Getting this message when trying to login to my site manager in Firefox on Mac. Just updated to 1.0.1 today. Seems to be fine at the moment in Safari.

Anyone else experiencing this? What does it mean?

332

chinesedream Reply #2, 2 years, 6 months ago

Link to this post#2

I got this couple hours ago. It went away after couple minutes.

11,683

PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!

MODx info for everyone: http://bobsguides.com/MODx.html

BobRay Reply #3, 2 years, 6 months ago

Link to this post#3

http://en.wikipedia.org/wiki/Cross-site_request_forgery
http://modxcms.com/forums/index.php?topic=36771.0

123

Michael Smull
http://www.bigpixelstudio.com

mdsdesign Reply #4, 2 years, 6 months ago

Link to this post#4

Thanks. That other thread you pointed me to might help, but I'm not exactly sure how to do what they're explaining. Still hoping for a better explanation.

895

Chuck the Trukk
ProWebscape.com :: Nashville-WebDesign.com
- - - - - - - -
What are TV's? Here's some info below.
http://modxcms.com/forums/index.php/topic,21081.msg159009.html#msg1590091
http://modxcms.com/forums/index.php/topic,14957.msg97008.html#msg97008

chucktrukk Reply #5, 2 years, 6 months ago

Link to this post#5

There was a bug in 1.0.1 where modx didnt recognize turning CSRF off.

To fix, change

<?php 
if (isset($modx->config['validate_referer']) && $modx->config['validate_referer']) {

to

<?php
if (isset($modx->config['validate_referer']) && $modx->config['validate_referer'] == 1) {

8

ianburrett Reply #6, 2 years, 6 months ago

Link to this post#6

I've just installed a version of 1.0.2 and the issue is still there.

Which file is it that I need to make that adjustment to?

388

www.terrybarthdesign.com

Terry Reply #7, 2 years, 5 months ago

Link to this post#7

I just installed 1.0.2 on hostgator for a new project. I've been working on it for a few days with no error message. Today, I started getting this message: A possible CSRF attempt was detected. No referer was provided by the server.

Per another thread I tried this fix:

The only fix was for me to change the line 228 in manager/index.php

from
if (isset($modx->config['validate_referer']) && $modx->config['validate_referer']) {

to
if (isset($modx->config['validate_referer']) && $modx->config['validate_referer'] == '1') {

After deleting: assets/cache/siteCache.idx.php and refreshing the cache in modx manager and on the browser, no effect.

BTW, I saw two versions of the fix one like this: == '1' and one like this == 1. I tried both.

I have 1.0.2 installed on hostgator for another project and have never received this message. Settings appear to be the same. Both have Validate HTTP_REFERER headers? set to yes in the configuration page in the manager.

Not sure what to try next.

Thank you!

2

webxmodx Reply #8, 2 years, 3 months ago

Link to this post#8

If your Web Developer Toolbar is set to disable referrers, you will need to enable sending of referrer info. That's what I had to do to solve this problem.

Other options are detailed here: http://www.belafontecode.com/fix-modx-csrf-error-in-firefox/

A possible CSRF attempt was detected. No referer was provided by the server.#