We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

A possible CSRF attempt was detected. No referer was provided by the server.

  • mdsdesign Reply #1, 14 years, 5 months ago
    A possible CSRF attempt was detected. No referer was provided by the server.

    Getting this message when trying to login to my site manager in Firefox on Mac. Just updated to 1.0.1 today. Seems to be fine at the moment in Safari.

    Anyone else experiencing this? What does it mean?
      Michael Smull
      http://www.bigpixelstudio.com
      twitter: @mdsdesign
      • 5091
      • 332 Posts
      chinesedream Reply #2, 14 years, 5 months ago
      I got this couple hours ago. It went away after couple minutes.
        • 3749
        • 24,544 Posts
        BobRay Reply #3, 14 years, 5 months ago
        http://en.wikipedia.org/wiki/Cross-site_request_forgery

        http://modxcms.com/forums/index.php?topic=36771.0

          Did I help you? Buy me a beer
          Get my Book: MODX:The Official Guide
          MODX info for everyone: http://bobsguides.com/modx.html
          My MODX Extras
          Bob's Guides is now hosted at A2 MODX Hosting
        • mdsdesign Reply #4, 14 years, 5 months ago
          Thanks. That other thread you pointed me to might help, but I’m not exactly sure how to do what they’re explaining. Still hoping for a better explanation.
            Michael Smull
            http://www.bigpixelstudio.com
            twitter: @mdsdesign
            • 34017
            • 898 Posts
            chucktrukk Reply #5, 14 years, 5 months ago
            There was a bug in 1.0.1 where modx didnt recognize turning CSRF off.

            To fix, change
            <?php 
if (isset($modx->config['validate_referer']) && $modx->config['validate_referer']) {


            to
            <?php
if (isset($modx->config['validate_referer']) && $modx->config['validate_referer'] == 1) {

              Chuck the Trukk
              ProWebscape.com :: Nashville-WebDesign.com
              - - - - - - - -
              What are TV's? Here's some info below.
              http://modxcms.com/forums/index.php/topic,21081.msg159009.html#msg1590091
              http://modxcms.com/forums/index.php/topic,14957.msg97008.html#msg97008
              • 12565
              • 8 Posts
              ianburrett Reply #6, 14 years, 5 months ago
              I’ve just installed a version of 1.0.2 and the issue is still there.

              Which file is it that I need to make that adjustment to?
                • 29525
                • 388 Posts
                Terry Reply #7, 14 years, 4 months ago
                I just installed 1.0.2 on hostgator for a new project. I’ve been working on it for a few days with no error message. Today, I started getting this message: A possible CSRF attempt was detected. No referer was provided by the server.

                Per another thread I tried this fix:
                The only fix was for me to change the line 228 in manager/index.php

                from
                if (isset($modx->config[’validate_referer’]) && $modx->config[’validate_referer’]) {

                to
                if (isset($modx->config[’validate_referer’]) && $modx->config[’validate_referer’] == ’1’) {

                After deleting: assets/cache/siteCache.idx.php and refreshing the cache in modx manager and on the browser, no effect.

                BTW, I saw two versions of the fix one like this: == ’1’ and one like this == 1. I tried both.

                I have 1.0.2 installed on hostgator for another project and have never received this message. Settings appear to be the same. Both have Validate HTTP_REFERER headers? set to yes in the configuration page in the manager.

                Not sure what to try next.

                Thank you!
                  www.terrybarthdesign.com
                  • 32191
                  • 2 Posts
                  webxmodx Reply #8, 14 years, 2 months ago
                  If your Web Developer Toolbar is set to disable referrers, you will need to enable sending of referrer info. That’s what I had to do to solve this problem.

                  Other options are detailed here: http://www.belafontecode.com/fix-modx-csrf-error-in-firefox/
                    • 29201
                    • 239 Posts
                    TAIYO Reply #9, 11 years, 4 months ago
                    thanks Terry this really helped....I'm using MODx 1.0.4 and got the error after trying an upgrade to 1.0.6 failed on Bluehost.

                    Quote from: Terry at Dec 02, 2009, 09:12 PM



                    The only fix was for me to change the line 228 in manager/index.php

                    from
                    if (isset($modx->config['validate_referer']) && $modx->config['validate_referer']) {

                    to
                    if (isset($modx->config['validate_referer']) && $modx->config['validate_referer'] == '1') {


                    in the end I had change the code to this:

                    if (isset($modx->config['validate_referer']) && $modx->config['validate_referer'] == '0')


                    despite having changed the database value to 1. unsure why it's working but it's fixed for now!
                      • 51347
                      • 82 Posts
                      joe-petts Reply #10, 7 years, 3 months ago
                      got the same error with evolution 1.2 after php-update.

                      A possible CSRF was detected for referer: http://www.mysite.com/manager/.


                      My solution:

                      delete the siteCache.idx.php and siteHostnames.php in assets/cache and reload the site. [ed. note: joe-petts last edited this post 6 years, 5 months ago.]