XF 2.1 Login from outside XF - "Security error occurred. Please press back, refresh the page, and try again."

robart

Member
Hi there,

So we have a modal pop-up on another CMS where we log in the user to XF (and our CMS via a bridge). This worked perfectly on XF 2.0 but when we upgraded to XF 2.1 it's no longer working.

The modal POSTS to xf.domain.com/login/login

We have an XF API end-point to get a proper _xfToken that we insert as an <input type="hidden"> into the form, and we have inputs for login and password.


Is anyone aware if 2.1 introduced anything that would change this? Any other security precautions that would prevent what worked in 2.0 from working in 2.1?

I know upgrading to 2.2 with the new endpoints can solve this but unfortunately I won't be able to immediately.

Thanks
 
Is anyone aware if 2.1 introduced anything that would change this? Any other security precautions that would prevent what worked in 2.0 from working in 2.1?
Indeed, this was changed for security reasons in 2.1.11:


It's a bit of an edge case, though some browser changes have made it somewhat more easily triggered. However, given that we know there are some legitimate uses (like this), there's a src/config.php option to disable it:

Code:
$config['enableLoginCsrf'] = false;
 
I have the same problem, using the latest version of XenForo. @Mike I have tried your solution, but for me it still hasn't fixed the issue.
After I added this line to the config, it worked for a while and then the problem came back. So the login from the home page sometimes works and at other times doesn't, giving me the same message. It seems to succeed only on the home page when connecting from mobile and not from desktop.
Do you have any idea or solution?
 