CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13

CMS CSRF Protection

jazzcinationjazzcination
in Feature Requests

When I did enable the CSRF protection at Fuel 1.4, then at login to CMS Panel, got the "The action you have requested is not allowed" message related to CSRF protection not enabled properly.

I Just did set to true this:
$config['csrf_protection'] = TRUE;

at fuel/application/config.php

Thanks,

Comments

  • adminadmin

    What is the URL you are trying to access. I'm having trouble replicating that issue.

  • methakonmethakon

    i have the similar issue . with same and all older versions .
    lest elaborate the issue :

    my config.php in application config

    $config['csrf_protection'] = TRUE;
    $config['csrf_token_name'] = 's_csrf_tocken';
    $config['csrf_cookie_name'] = 's_csrf_cookie';
    $config['csrf_expire'] = 7200;
    $config['csrf_regenerate'] = TRUE;
    $config['csrf_exclude_uris'] = array();

    in a simple module with following filds

    name,profile image ....

    so when ever i am going to create or edit and upload a file in profile image section
    then return back in main from page of the module .

    and try to save the from it is giving the error:
    **
    An Error Was Encountered

    The action you have requested is not allowed.**

    as the csrf token got changed in iframe of the asset up loader

  • methakonmethakon

    https://stackoverflow.com/questions/58135213/fuel-cms-simple-module-csrf-update-issue

  • adminadmin

    What version of FUEL are you using? (echo FUEL_VERSION)

    Have you upgraded to the latest to see if it fixes your issue?

Sign In or Register to comment.