Search Indexing and CSRF

edited June 2015 in Bug Reports

When trying to reindex a site using the Search Module within Fuel, nothing happens. If I edit and save a page, the related search index is created correctly.

In my config.php, if I set
$config['csrf_protection'] = FALSE;
I can reindex happily.

With it set to true, my Firebug console reports an error 500 - "The action you have requested is not allowed" - the classic missing CSRF problem.

It seems my other sites that have Search working also have CSRF switched off.

Is this to be expected?



  • edited 1:12PM
    A fix for that has just been pushed to allow indexing with CSRF protection turned on.
  • edited 1:12PM

    Thanks for that but unfortunately it didn't work for me. I think that's because I've customised the $config['csrf_token_name'] in config.php

    This edit to ./views/_admin/reindex.php uses the contents of $config['csrf_token_name'] and this works for me...
    var csrf = $('#<?php echo $this->config->item('csrf_token_name'); ?>').val(); var params = {pages: $('#pages').val(), <?php echo $this->config->item('csrf_token_name'); ?>: csrf };
  • edited 1:12PM
    Thanks for the fix. I've posted an update.
Sign In or Register to comment.