We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
  • A possible CSRF attempt was detected. No referer was provided by the server.

    Getting this message when trying to login to my site manager in Firefox on Mac. Just updated to 1.0.1 today. Seems to be fine at the moment in Safari.

    Anyone else experiencing this? What does it mean?
      Michael Smull
      twitter: @mdsdesign
      • 5091
      • 332 Posts
      I got this couple hours ago. It went away after couple minutes.
        • 3749
        • 24,544 Posts
          Did I help you? Buy me a beer
          Get my Book: MODX:The Official Guide
          MODX info for everyone: http://bobsguides.com/modx.html
          My MODX Extras
          Bob's Guides is now hosted at A2 MODX Hosting
        • Thanks. That other thread you pointed me to might help, but I’m not exactly sure how to do what they’re explaining. Still hoping for a better explanation.
            Michael Smull
            twitter: @mdsdesign
            • 34017
            • 898 Posts
            There was a bug in 1.0.1 where modx didnt recognize turning CSRF off.

            To fix, change
            if (isset($modx->config['validate_referer']) && $modx->config['validate_referer']) {

            if (isset($modx->config['validate_referer']) && $modx->config['validate_referer'] == 1) {

              Chuck the Trukk
              ProWebscape.com :: Nashville-WebDesign.com
              - - - - - - - -
              What are TV's? Here's some info below.
              • 12565
              • 8 Posts
              I’ve just installed a version of 1.0.2 and the issue is still there.

              Which file is it that I need to make that adjustment to?
                • 29525
                • 388 Posts
                I just installed 1.0.2 on hostgator for a new project. I’ve been working on it for a few days with no error message. Today, I started getting this message: A possible CSRF attempt was detected. No referer was provided by the server.

                Per another thread I tried this fix:
                The only fix was for me to change the line 228 in manager/index.php

                if (isset($modx->config[’validate_referer’]) && $modx->config[’validate_referer’]) {

                if (isset($modx->config[’validate_referer’]) && $modx->config[’validate_referer’] == ’1’) {

                After deleting: assets/cache/siteCache.idx.php and refreshing the cache in modx manager and on the browser, no effect.

                BTW, I saw two versions of the fix one like this: == ’1’ and one like this == 1. I tried both.

                I have 1.0.2 installed on hostgator for another project and have never received this message. Settings appear to be the same. Both have Validate HTTP_REFERER headers? set to yes in the configuration page in the manager.

                Not sure what to try next.

                Thank you!
                  • 32191
                  • 2 Posts
                  If your Web Developer Toolbar is set to disable referrers, you will need to enable sending of referrer info. That’s what I had to do to solve this problem.

                  Other options are detailed here: http://www.belafontecode.com/fix-modx-csrf-error-in-firefox/
                    • 29201
                    • 239 Posts
                    thanks Terry this really helped....I'm using MODx 1.0.4 and got the error after trying an upgrade to 1.0.6 failed on Bluehost.

                    Quote from: Terry at Dec 02, 2009, 09:12 PM

                    The only fix was for me to change the line 228 in manager/index.php

                    if (isset($modx->config['validate_referer']) && $modx->config['validate_referer']) {

                    if (isset($modx->config['validate_referer']) && $modx->config['validate_referer'] == '1') {

                    in the end I had change the code to this:

                    if (isset($modx->config['validate_referer']) && $modx->config['validate_referer'] == '0')

                    despite having changed the database value to 1. unsure why it's working but it's fixed for now!
                      • 51347
                      • 82 Posts
                      got the same error with evolution 1.2 after php-update.

                      A possible CSRF was detected for referer: http://www.mysite.com/manager/.

                      My solution:

                      delete the siteCache.idx.php and siteHostnames.php in assets/cache and reload the site. [ed. note: joe-petts last edited this post 6 years, 5 months ago.]