Subscribe: RSS
  • Hey there,

    I get the "A possible CSRF attempt was detected. No referer was provided by the server." message when I log into the manager with FF, but when I try it with IE7 it works fine.

    First thought was that the culprit must be the cache. So cleared the FF cache and the MODx cache. No change.

    I then tested switching off the usual suspect add-ons (e.g. Firebug) but to no avail.

    I switched the "Validate HTTP_REFERER headers?" option to NO in the config (using IE). But still no dice in FF.

    Any ideas?
    • Did you ever sort this out? Try re-running the installer in upgrade mode after moving a clean set of files in (saving any extra snippets and moving a copy of the config file over)?
        Ryan Thrash, MODX Co-Founder
        Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
      • Seems to be OK for the moment. Uploaded a fresh cache file and did an upgrade install. Will let you know if anything breaks.

        EDIT. And something does. When I set the click the "Don’t show this warning again" in the Configuration tab, it sets the database value for system_settings to "00".
        • Method 1:

          1. Disable your Antivirus software(ex. Nortan Internet Security)
          2. Delete all cookies and refresh Internet Explorer
          3. Try to login
          4. If you successfuly login to Modx, Go to Tools Menu -> Select Configuration.
          5. In System Configuration -> select Site.
          6. In Site menu please select ’No’ radio under "button Validate HTTP_REFERER headers?" and Save.
          7. Enable your Antivirus software.

          or
          Method 2:
          Set mannualy database system_settings to 0

          or
          Method 3:
          If you want to use Yes option for "Validate HTTP_REFERER headers?". Please disable your antivirus software (Nortan Internet Security). You can work with Modx in Validate HTTP_REFERER headers mode.

          Good luck.

          Nihonsei
          • My Friend if Modx Works fine in IE, Crome etc... and only have problems in Firefox... that is the problem Firefox!!

            so is just configuration.

            1. Type “about:config” in the location bar, and press Enter.
            2 In the filter box, type “referer” and press Enter. This should leave you with one preference, network.http.sendRefererHeader. This is probably set to 0.
            3 Right click on network.http.sendRefererHeader and select “Modify”

            - Just change it to 2

            and thats all. grin

            Are just some things about security in firefox...

            I HOPE THAT WORKS FOR YOU TOO, MORE INFORMATION HERE:

            http://www.belafontecode.com/fix-modx-csrf-error-in-firefox/
              --
              ysanmiguel.com
            • Ysanmiguel thanks for this. It worked, and is continuing to work.

              Quote from: Ysanmiguel at May 05, 2010, 07:24 PM

              My Friend if Modx Works fine in IE, Crome etc... and only have problems in Firefox... that is the problem Firefox!!

              so is just configuration.

              1. Type “about:config” in the location bar, and press Enter.
              2 In the filter box, type “referer” and press Enter. This should leave you with one preference, network.http.sendRefererHeader. This is probably set to 0.
              3 Right click on network.http.sendRefererHeader and select “Modify”

              - Just change it to 2

              and thats all. grin

              Are just some things about security in firefox...

              I HOPE THAT WORKS FOR YOU TOO, MORE INFORMATION HERE:

              http://www.belafontecode.com/fix-modx-csrf-error-in-firefox/
              • Your Welcome my friend!!!
                  --
                  ysanmiguel.com
                • I am having exactly the same issue (works in IE but not firefox) but changing network.http.sendRefererHeader to 2 has no effect.

                  I am using Modx evo 1.0.5 and accessing from a computer running windows XP or ubuntu.