Cross-Site Request Forgery


PeteW1959

I know that this is addressed in several other threads, but I am experiencing it in a completely different way.

I am getting this pop-up when searching for orders. Not on every search, but about 1 in 4.

I type a name (or part of) into the search box, pick the name from the list that pops up, then hit search. I then get directed to the dashboard and the alert pops up.

I can then search again for the same order and everything is fine.

I am using Firefox (don't have any other browsers installed) and I haven't upgraded from 6.0.8 yet, but this has only started happening today.


"I type a name (or part of) into the search box, pick the name from the list that pops up, then hit search."

Actually, you shouldn't need to click on anything but the suggested result.

In admin, top of the Navigation panel, there is what looks like a text entry box. Clicking in this box should cause a three-part panel to slide in from off the left edge of the browser window. You then click in the Search Customer text entry box and type at least three letters of the customer you are looking for.

Within a few seconds, a list of possible customers will display. Click directly on the name of the desired customer and that will load that name into the Search Customers text entry box and then the JavaScript that powers this box will auto-submit the form. The form contains:

search[keywords]=John Doe
search[customer_id]=5
token=cfb77b3d748bd9999ed837d1836947b5

So, if the form is not auto-submitting, then JavaScript is crashing at some point.


Tried it last night on IE on another PC and it was still the same, but it seems to be OK this morning.

Brian, I am clicking on the 'Search Orders' tab on the 'Orders' page, and when I click on the text box next to 'Customer Name' all I get is 'Loading' as a list of matches starts to load. I then pick the relevant one from the list which is copied to the text box. I then have to click on the 'Search' button. This is when I *sometimes* get taken back to the dashboard and the CSRF warning.

If I click the search box at the top of the admin page I get the box come in from the side, but typing in the boxes doesn't do anything. However, if I use the 'Search Customers' tab from the 'Customer List' page, I get the box slide in, and it does work.

Seems to me that CC6 is just as buggy as CC5 was, and there are just too many inconsistencies in operation across various sections. Couple this with a severe lack of very basic features and absolutely no documentation, I am now looking elsewhere.

 

