1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF Error returned - CSRF

Discussion in 'Troubleshooting and Problems' started by Vincent Gabriel, Sep 27, 2014.

  1. Vincent Gabriel

    Vincent Gabriel Active Member

    For some reason i get this error when i try to install a new addon through the ACP:

    Security error occurred. Please press back, refresh the page, and try again.

    it appears to be coming from the CSRF check in the Controller.php class. But the CSRF is valid, and even if i return true in that method it won't show the error above but will just refresh and do nothing. This happens to pretty much everything in the ACP. i tried 1.3 and 1.4 and same result.

    The thing is, this happens on my laptop but on a desktop at work everything works just fine. i tried changing virtual host, re-installing/un-installing, deleting cookies yet i get the same result. I was wondering if anyone can shade some light on this as i am not sure if this is a XF software issue or a specific issue with my laptop. Both running MAC OS latest i am using Chrome but tried with other browsers.

  2. Vincent Gabriel

    Vincent Gabriel Active Member

  3. Mike

    Mike XenForo Developer Staff Member

    If it's only happening on your laptop, that would seem to imply that the data isn't being sent to the server properly. You can probably verify this by dumping the request data on the server (and comparing it to the request shown in the browser dev tools).
  4. Zenexer

    Zenexer Active Member

    Shooting in the dark here, but is it possible you have a low limit on request variables (querystring/form parameters)? I believe the default in php.ini is 128, which is usually sufficient for XenForo, but can sometimes be exceeded in the ACP. You may also have a limit in Apache; I don't use Apache these days, so I don't really know if that's possible/probable. The CSRF token is often one of the last parameters sent, so it's likely to be excluded if your limit is too low. Alternatively, do you have any limits on file uploads? Does it work if you specify a file path on the server instead of uploading the XML file?
  5. Vincent Gabriel

    Vincent Gabriel Active Member

    @Zenexer That was actually a long shot, but it worked.

    php.ini setting was incorrectly set:

    post_max_size = 200MB

    instead of being

    post_max_size = 200M

    causing the post max size to be 0.

    This is now resolved.


Share This Page