preview modal window doesn't open with csrf protection enabled

pierre · October 2015

hi,
in the fuel admin, click on the preview button triggers a 500 Internal Server Error (POST preview request ).

when i disable the csrf protection, everything works correctly.

What could be the problem ? i don't understand.

i use MAMP, php 5.6.10 and fuelcms1.3

thx

admin · October 2015

Is the "csrf_token_name" value "csrf_test_name"?

pierre · October 2015

no, i changed csrf_token_name and csrf_cookie_name values.

i restored the csrf_token_name default value and now everything seems ok.

why can i not change this ?

by the way, on some servers, encrypted cookie throws 500 Internal Server Error, this cookie value seems too long when i dig in the error logs.
On my MAMP server, it's not the case...

thank you for your response

admin · October 2015

There are AJAX requests to the server which need to append that token and it and it uses a hidden field value with the id of "csrf_test_name".

Regarding the encrypted cookie 500 internal Server Error, do you have any other additional information regarding the server setup?

pierre · October 2015

i don't have more info about server config. It's a regular LAMP, FPM/FastCGI , php5.4.45-0+deb7u1 and varnish cache in front.

thank you for details about csrf cookie, if i understand it's better to change anything about csrf cookie if enabled.

Howdy, Stranger!

Categories

preview modal window doesn't open with csrf protection enabled

Comments