Topic: [SOLVED] A possible CSRF attempt was detected

#1: 15-Jun-2009, 07:14 AM


rhyno
Posts: 120

Hi,
Well, I somehow managed to screw up my site.... Nothing new, as I am a newb when it comes to MODX....

Anyway, I am currently getting the following message when I click on anything in the manager window....
A possible CSRF attempt was detected. No referer was provided by the server.
This occurs when I set the Validate HTTP_REFERER headers to Yes.... But now I can't get back in to reset this.... Please help.
In trying to resolve this issue I logged out... Now I get the same error when I try to log in. I know it was stupid of me to log out... I really don't want to re-install my modx site....
The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structure of reality. It is enough if one tries merely to comprehend a little of this mystery every day. Never lose a holy curiosity.

-Albert Einstein (1879 - 1955)

Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

#2: 15-Jun-2009, 07:32 AM


shamblett
Posts: 799

There's a column named 'validate_referer' in your <prefix>_system_settings table (0.9.6.2 here). Use phpMyAdmin or some such to see what this is set to in your database; if it's '1', set it back to '0' and see if the problem persists.
Use MODx, or the cat gets it!

#3: 15-Jun-2009, 07:44 AM


rhyno
Posts: 120

I am not seeing a 'validate_referer' in my modx_system_settings table. When I search for validate on my system I get nothing. Please advise.

#4: 15-Jun-2009, 07:51 AM

Coding Team

sottwell
Posts: 12,261

It's there; it's on the third and last page of results in my phpmyadmin table browse page.
How MODx Works
Log in to an Evo Manager username guest, password guestuser.

#5: 15-Jun-2009, 08:14 AM


rhyno
Posts: 120

Sorry Susan you were right... It was there... Just on the second page.... lol

Set it to 0; it was set to 1. But still no dice...

http://www.chrys-haefen.com/modx/modx-0.9.6.3/manager/

#6: 15-Jun-2009, 08:19 AM

Coding Team

sottwell
Posts: 12,261

Try clearing your browser cookies and cache for your domain.

#7: 15-Jun-2009, 08:29 AM


rhyno
Posts: 120

Well we are getting closer.... It gave me the login page.... when I logged in I got the error 'A possible CSRF attempt was detected. No referer was provided by the server.' Any other ideas?

#8: 15-Jun-2009, 08:39 AM

Coding Team

sottwell
Posts: 12,261

Hm. Search the assets/cache/siteCache.idx.php file; I believe that the system settings are cached there, and it may be using it from there instead of from the database. It's on line 77 in my siteCache file.

#9: 15-Jun-2009, 08:49 AM


rhyno
Posts: 120

That was it... Logged in and everything is going great. Thank you so much for helping me out...

#10: 3-Nov-2009, 08:20 AM

mdsdesign
Posts: 56

Can you explain in a little more detail how you cleared this up? I'm having the same issue and was pointed to this thread from my post.

#11: 7-Nov-2009, 09:14 AM


Sylvaticus
Posts: 508

I think, therefore I am. But what I am, and why...?
There's a column named 'validate_referer' in your <prefix>_system_settings table(0.9.6.2 here), use phpMyAdmin or some such to  see what this is set to in your database, if its '1' set it back to '0' and see if the problem persists.
Got my problem solved by your solution. (Thanks for sharing that :) )

But now I'm getting a warning in the manager:
The configuration setting Validate HTTP_REFERER headers? is Off. We recommend turning it On.

What should I do here?

#12: 7-Nov-2009, 10:21 AM

Moderator

OpenGeek
MODx Co-Founder
Posts: 7,728

damn accurate caricatures...

But now I'm getting a warning in the manager:
The configuration setting Validate HTTP_REFERER headers? is Off. We recommend turning it On.

What should I do here?
Your options are to get your server to set the HTTP_REFERER header properly so you can turn this feature On, or ignore the warning. Just make sure if you are logged into your manager that you don't click any suspicious links on web pages that point back to your manager; someone could trick a manager user into deleting Resources or other malicious things using this technique if you are not using the validate_referrers option.

#13: 7-Nov-2009, 10:28 AM


Sylvaticus
Posts: 508

Thanks. :)

#14: 13-Nov-2009, 04:01 AM

amdd
Posts: 1

I'm having this issue, too. The fix with resetting both database and cache file works, but only for a short time. After having fixed the problem I log in, edit some text, click save, and get the error message "A possible CSRF attempt was detected. No referer was provided by the server."!

What causes the problem is that in the meantime the database has set the validate_referrer to "00" (instead of "0")...

This happens only when I work from home, the login from the office works as it should. Any ideas what causes the db to change the setting?

Does version 1.0.2 fix this issue? I'm working with 1.0.1 at the moment.

#15: 13-Nov-2009, 06:34 AM

Foundation

rthrash
Posts: 11,575

1.0.2 fixes other issues, and possibly that one too. It's a very critical upgrade.
MODx is a content management framework that allows web professionals to turn over sites to end-users for daily maintenance without worrying. Please help us help you when asking for assistance and read the wiki. Searching the forums from the top level helps, too.
Ryan Thrash
MODx Co-Founder
Principal @ Collabpad
work productively.
work intelligently.
work together.

#16: 3-Feb-2010, 12:40 AM

madquirk
Posts: 1

Just to note that I had the same problem as described here after just newly installing 1.0.2 (have not used previous versions).
Had to go through both steps of changing the validate_referer value to 0 through phpMyAdmin, and in the siteCache file. All working fine now though, thanks for the help!

#17: 25-Feb-2010, 02:25 PM

dimitrix
Posts: 9

Hello everybody,

I had the same issue and nothing helped me. When I delete cookies I can connect to the manager connection window, but not to the administration page. Changing validate_referer in the database didn't help either.

So I tried to open the index.php in the manager folder of my site with Notepad++ (any other editor works too). I found there the code for the CSRF issue (just do Ctrl+F and write CSRF in the window) and I just put this part of the code in a comment. And now it works.

I suppose it is not the best solution. I don't even know what CSRF means, but apparently it's related to hackers' attempts to access your site. So this solution is good only when you work at home.

#18: 28-Feb-2010, 08:29 AM

dimitrix
Posts: 9

Heh, I didn't see that message about changing valid referer from siteCache.idx.php...

Now it works !

#19: 11-Mar-2010, 06:56 AM

filnug
Posts: 10

Hi there,

In my case the line "validate referer" was on line 73. Just in case it helps someone.
Thanks for this post!

#20: 15-Mar-2010, 02:24 PM

Biacl Mabol
Posts: 1

Sorry for my English.

Is this error only in Firefox?

If it is, go to "about:config" and set the value of network.http.sendRefererHeader to 2 (default).

It is possible that some add-on automatically changes this value to 0; look again after the change.

Now for me it's ok!
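
Added example, not part of the thread and not MODX's own code: a minimal PHP sketch of a Referer check of the kind discussed above, showing why a stripped header (the Firefox setting in the last post) locks out a legitimate user, next to a session-token check that does not depend on the header, which bears on the risk OpenGeek describes when validation is off. The function names, the `csrf_token` field and the `example.test` / `other.test` hosts are assumptions made for illustration.

```php
<?php
// Added illustration; not MODX source. All names here are hypothetical.

/** Referer check: returns 'ok', 'missing' or 'foreign'. */
function check_referer(array $server): string
{
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        // A browser setting, privacy add-on or proxy removed the header:
        // a legitimate user is rejected exactly like a forged request.
        return 'missing';
    }
    $refHost = parse_url($referer, PHP_URL_HOST);
    $ownHost = preg_replace('/:\d+$/', '', $server['HTTP_HOST'] ?? '');
    if (!is_string($refHost) || strcasecmp($refHost, $ownHost) !== 0) {
        return 'foreign';   // request originated from another site
    }
    return 'ok';
}

/** Per-session token check: independent of the Referer header. */
function check_token(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($given)
        && $expected !== '' && hash_equals($expected, $given);
}

// Constructed sample requests (hosts are placeholders).
$token   = bin2hex(random_bytes(16));
$session = ['csrf_token' => $token];
$cases = [
    'same site, referer sent' => [
        ['HTTP_HOST' => 'example.test', 'HTTP_REFERER' => 'https://example.test/manager/'],
        ['csrf_token' => $token]],
    'same site, referer stripped' => [
        ['HTTP_HOST' => 'example.test'],
        ['csrf_token' => $token]],
    'request from another site' => [
        ['HTTP_HOST' => 'example.test', 'HTTP_REFERER' => 'https://other.test/page.html'],
        []],
];
foreach ($cases as $label => [$server, $post]) {
    printf("%-28s referer=%-8s token=%s\n", $label,
        check_referer($server), check_token($session, $post) ? 'ok' : 'rejected');
}
```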