Displays "CSRF detected!" when the edit page is open for some time

[phpsns]

This only happens when the edit page is like open for some time without activity, probably 30 minutes or more? But after clicking "Pages" then edit the same page again the problem goes away.

It's not a serious problem, but do you have a fix? Because I tend to leave a page in edit mode for a long time specially to edit the content in an external editor, the paste into GS page editor.

Thanks!

[Connie]

This is a known problem and has been discussed here in the forum some times (do a search! There are fixes)

Next version will not show this behaviour.

[snooze]

Eight months later, I just got same error in the same scenario. Is 3.1 the next version of which you speak?

I'm just sayin'

[Connie]

Info on this phenomen in the WIKI: http://get-simple.info/wiki/security:csrf

how to overcome this problem: from the WIKI at http://get-simple.info/wiki/config:gsconfig

GSNOCSRF (3.1+) allows you to turn off the CSRF protection system

# Turn off CSRF protection. Not reccomended
#define('GSNOCSRF', TRUE);

so edit your gsconfig.php and activate the GSNOCSRF-option

I did and I got rid of these false alarms on my site

[wampir]

I'm today test and i think on Old version firefox, opera, explorer you can see CSRF Deteced but I use google chrome and with this browser i can't see CSRF Deteced What you think about to change text CSRF Detected to Oops you have problem with outdated browser download Google Chrome

[shawn_a]

I do not think that would cause the issue. Perhaps your ip address is changing ? Are you behind a proxy?

[wampir]

I'm tested this in my school but you know in school IT technology is very bad

---

On every page when i go change password i see CSRF Deteced i go change theme i see this and when i go edite page i see this

[Connie]

this is not a browser problem, it is a server-related problem

so you are lucky that CHROME did not show this of unknown reasons

"CSRF detected" is not a GS - output, it is a server error- or failure-message
and I am sure nobody at Apache.org will discriminate any browser ;=)

I personally only discriminate IE >10.0 as "browser from hell", hihi

[shawn_a]

We do have an existing issue with our nonces being ip locked this could be related to that issue.
It would be nice to know for sure if you ip is always different, can you goto a myip site and verify this or not.

[wampir]

I have this problem only in school maybe bacause we have in school 30-40 computer in wlan

[shawn_a]

I'll prioritize this for next release

[RobA]

We do have an existing issue with our nonces being ip locked this could be related to that issue.
It would be nice to know for sure if you ip is always different, can you goto a myip site and verify this or not.

I can confirm this is an issue with the IP, as I sometimes run behind an anonymizing proxy, and have to keep re-logging in as the CSRF occurs regularly.

-Rob A>

[qlwik1]

Because of this FUCKING ERROR I lost tons of time and good text, FOR FUCK SAKE REPAIR THIS SHIT!!!!!!!!!!!!!!!!!!!!!!!!!!!


awwwwwwwwwwwwwwww i had too...

[shawn_a]

What is a long time ? We have time limited csrf.
Also what kind of shitty browser does not let you go back.

[peppermint]

Also what kind of shitty browser does not let you go back.

I can confirm this bug.

I'm using Firefox 22.0. Whereas going back usually works with forms on other websites (conserving the entered texts) it doesn't work in getsimple: Once this "CSRF detected" error appeared all form fields of the edit-page-view will show the outdated saved contents when going back.

[shawn_a]

This is fixed in 3.2.2 beta.
We no longer use ip for nonce. It's possible it can still timeout but we can narrow that down as a seperate issue if people still have issues

[peppermint]

This is fixed in 3.2.2 beta.

Great news! Thanks for the fix!

[amaurib]

This is fixed in 3.2.2 beta.

Great news! Thanks for the fix!

Problem still present on V3.3.1

[shawn_a]

What problem is that?

[Elysia]

I just had this appear on a 3.3.2 installation, so it's apparently still an issue?

[shawn_a]

It's an issue if you sit there on the page forever as design.. Otherwise you need to be more specific