Note the upgraded forum! If you are experiencing issues logging in, you may need to reset your password which should send an email. If the email doesn't arrive, be sure to check your spam folder just in case.

preview modal window doesn't open with csrf protection enabled

edited October 2015 in Bug Reports
hi,
in the fuel admin, click on the preview button triggers a 500 Internal Server Error (POST preview request ).


when i disable the csrf protection, everything works correctly.

What could be the problem ? i don't understand.

i use MAMP, php 5.6.10 and fuelcms1.3

thx

Comments

  • edited 2:46PM
    Is the "csrf_token_name" value "csrf_test_name"?
  • edited 2:46PM
    no, i changed csrf_token_name and csrf_cookie_name values.

    i restored the csrf_token_name default value and now everything seems ok.

    why can i not change this ?

    by the way, on some servers, encrypted cookie throws 500 Internal Server Error, this cookie value seems too long when i dig in the error logs.
    On my MAMP server, it's not the case...

    thank you for your response
  • edited 2:46PM
    There are AJAX requests to the server which need to append that token and it and it uses a hidden field value with the id of "csrf_test_name".

    Regarding the encrypted cookie 500 internal Server Error, do you have any other additional information regarding the server setup?
  • edited 2:46PM
    i don't have more info about server config. It's a regular LAMP, FPM/FastCGI , php5.4.45-0+deb7u1 and varnish cache in front.

    thank you for details about csrf cookie, if i understand it's better to change anything about csrf cookie if enabled.
Sign In or Register to comment.