preview modal window doesn't open with csrf protection enabled

edited October 2015 in Bug Reports
hi,
in the fuel admin, click on the preview button triggers a 500 Internal Server Error (POST preview request ).


when i disable the csrf protection, everything works correctly.

What could be the problem ? i don't understand.

i use MAMP, php 5.6.10 and fuelcms1.3

thx

Comments

  • edited 3:25PM
    Is the "csrf_token_name" value "csrf_test_name"?
  • edited 3:25PM
    no, i changed csrf_token_name and csrf_cookie_name values.

    i restored the csrf_token_name default value and now everything seems ok.

    why can i not change this ?

    by the way, on some servers, encrypted cookie throws 500 Internal Server Error, this cookie value seems too long when i dig in the error logs.
    On my MAMP server, it's not the case...

    thank you for your response
  • edited 3:25PM
    There are AJAX requests to the server which need to append that token and it and it uses a hidden field value with the id of "csrf_test_name".

    Regarding the encrypted cookie 500 internal Server Error, do you have any other additional information regarding the server setup?
  • edited 3:25PM
    i don't have more info about server config. It's a regular LAMP, FPM/FastCGI , php5.4.45-0+deb7u1 and varnish cache in front.

    thank you for details about csrf cookie, if i understand it's better to change anything about csrf cookie if enabled.
Sign In or Register to comment.