Jump to content

Constant Security Alert


Mike101za

Recommended Posts

Hi, I have installed Cubecart. I am now trying to set up.

However, the following happens on almost everything I do: Security Alert: Possible Cross-site request forgery (CSRF) or Browser back button used.

I the redo the whole operation and nothing happens. Maybe every fourth time of doing the same thing, I get the blue bar to say ie: logo uploaded.

However no logo displays on the store. Or Category updated, yet the category does not appear.

Thank you

Mike

 

Link to comment
Share on other sites

Welcome Mike101za! Glad to see you made it to the forums.

There could be an issue with how PHP has been installed, or one or more of its settings. Is your site being hosted by a hosting company?

Generally, a CSRF warning happens when the "security token" in the POSTed data does not match what CubeCart thinks it should be. So, either:

* you had more than one window open, POSTed a form from the first window, switched to the other window, and POSTed the form from that window (or browser tab).

* for some reason, the "security token", which is always the last form element in the POSTed collection of variables, gets lost or discarded by the time PHP gives that data collection to the script. Your browser may be not including it (never seen that happen, but with Chrome, who knows), the web server may have an extraordinarily low amount of bytes it will allow in the POST payload, PHP may have a weirdly low limit for the quantity of POST data, or something else.

Link to comment
Share on other sites

1 hour ago, bsmither said:

Welcome Mike101za! Glad to see you made it to the forums.

There could be an issue with how PHP has been installed, or one or more of its settings. Is your site being hosted by a hosting company?

Generally, a CSRF warning happens when the "security token" in the POSTed data does not match what CubeCart thinks it should be. So, either:

* you had more than one window open, POSTed a form from the first window, switched to the other window, and POSTed the form from that window (or browser tab).

* for some reason, the "security token", which is always the last form element in the POSTed collection of variables, gets lost or discarded by the time PHP gives that data collection to the script. Your browser may be not including it (never seen that happen, but with Chrome, who knows), the web server may have an extraordinarily low amount of bytes it will allow in the POST payload, PHP may have a weirdly low limit for the quantity of POST data, or something else.

Hi,

Yes it is being hosted.

Does this mean I cannot use Cubecart?

Mike

 

Link to comment
Share on other sites

We would ask that some consideration be given to having your hosting provider get involved and answer some questions regarding any extraordinarily low limits on web server and/or PHP settings. Settings that might affect what kind of data or how much data can be POSTed to CubeCart.

CubeCart can operate in many kinds of hosting packages - but probably not overly restrictive (memory, mod_security rules, etc) or have any sort of super-aggressive page caching mechanism.

Link to comment
Share on other sites

  • 1 month later...

I have same problem. CubeCart hosted on localhost, installed XAMPP  7.1.13.

Browsers Microsoft Edge, IE, Google Chrome issue always after logging CSRF. Mozilla Firefox never issue, all working correct. It become little traumatical.

Same error happen if login as admin or as customer. For now in testing phase I shoud work just over Firefox, but it not acceptable. Does anybody can help and offer solution.

Thanks

Img 397 13-Feb 16.49.jpg

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...