Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Displays "CSRF detected!" when the edit page is open for some time
#1
This only happens when the edit page is like open for some time without activity, probably 30 minutes or more? But after clicking "Pages" then edit the same page again the problem goes away.

It's not a serious problem, but do you have a fix? Because I tend to leave a page in edit mode for a long time specially to edit the content in an external editor, the paste into GS page editor.

Thanks!
Reply
#2
This is a known problem and has been discussed here in the forum some times (do a search! There are fixes)

Next version will not show this behaviour.
|--

Das deutschsprachige GetSimple-(Unter-)Forum:   http://get-simple.info/forums/forumdisplay.php?fid=18
Reply
#3
Eight months later, I just got same error in the same scenario. Is 3.1 the next version of which you speak?

I'm just sayin'
Reply
#4
Info on this phenomen in the WIKI: http://get-simple.info/wiki/security:csrf

how to overcome this problem: from the WIKI at http://get-simple.info/wiki/config:gsconfig

Quote:GSNOCSRF (3.1+) allows you to turn off the CSRF protection system

# Turn off CSRF protection. Not reccomended
#define('GSNOCSRF', TRUE);

so edit your gsconfig.php and activate the GSNOCSRF-option

I did and I got rid of these false alarms on my site
|--

Das deutschsprachige GetSimple-(Unter-)Forum:   http://get-simple.info/forums/forumdisplay.php?fid=18
Reply
#5
I'm today test and i think on Old version firefox, opera, explorer you can see CSRF Deteced but I use google chrome and with this browser i can't see CSRF Deteced Big Grin What you think about to change text CSRF Detected to Oops you have problem with outdated browser download Google Chrome
Reply
#6
I do not think that would cause the issue. Perhaps your ip address is changing ? Are you behind a proxy?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#7
I'm tested this in my school but you know in school IT technology is very bad Big Grin

On every page when i go change password i see CSRF Deteced i go change theme i see this and when i go edite page i see this
Reply
#8
this is not a browser problem, it is a server-related problem

so you are lucky that CHROME did not show this of unknown reasons

"CSRF detected" is not a GS - output, it is a server error- or failure-message
and I am sure nobody at Apache.org will discriminate any browser ;=)

I personally only discriminate IE >10.0 as "browser from hell", hihi
|--

Das deutschsprachige GetSimple-(Unter-)Forum:   http://get-simple.info/forums/forumdisplay.php?fid=18
Reply
#9
We do have an existing issue with our nonces being ip locked this could be related to that issue.
It would be nice to know for sure if you ip is always different, can you goto a myip site and verify this or not.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#10
I have this problem only in school maybe bacause we have in school 30-40 computer in wlan
Reply
#11
I'll prioritize this for next release
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#12
(2013-03-08, 06:06:16)shawn_a Wrote: We do have an existing issue with our nonces being ip locked this could be related to that issue.
It would be nice to know for sure if you ip is always different, can you goto a myip site and verify this or not.

I can confirm this is an issue with the IP, as I sometimes run behind an anonymizing proxy, and have to keep re-logging in as the CSRF occurs regularly.

-Rob A>
Reply
#13
Because of this FUCKING ERROR I lost tons of time and good text, FOR FUCK SAKE REPAIR THIS SHIT!!!!!!!!!!!!!!!!!!!!!!!!!!!


awwwwwwwwwwwwwwww i had too...
Reply
#14
What is a long time ? We have time limited csrf.
Also what kind of shitty browser does not let you go back.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#15
(2013-05-22, 02:31:10)shawn_a Wrote: Also what kind of shitty browser does not let you go back.

I can confirm this bug.

I'm using Firefox 22.0. Whereas going back usually works with forms on other websites (conserving the entered texts) it doesn't work in getsimple: Once this "CSRF detected" error appeared all form fields of the edit-page-view will show the outdated saved contents when going back.
Reply
#16
This is fixed in 3.2.2 beta.
We no longer use ip for nonce. It's possible it can still timeout but we can narrow that down as a seperate issue if people still have issues
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#17
Thumbs Up 
(2013-07-18, 11:23:17)shawn_a Wrote: This is fixed in 3.2.2 beta.

Great news! Thanks for the fix!
Reply
#18
(2013-07-20, 22:38:46)peppermint Wrote:
(2013-07-18, 11:23:17)shawn_a Wrote: This is fixed in 3.2.2 beta.

Great news! Thanks for the fix!


Problem still present on V3.3.1
Reply
#19
What problem is that?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#20
I just had this appear on a 3.3.2 installation, so it's apparently still an issue?
Reply
#21
It's an issue if you sit there on the page forever as design.. Otherwise you need to be more specific
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply




Users browsing this thread: 1 Guest(s)