CSRF check failed

Palbin · Posted: Wed Nov 18, 2009 6:07 pm

sak wrote:

I applied this fix to my Your_Account/index.php

Now I get this when users try to change avatar:

There was an error when we tried to save your Avatar: Wrong avatar format! Avatars can only be gif, jpg, or png format.

All of the files displayed in the gallery are .jpg and .gif. Any idea what the problem is?

So you are getting this when selecting an avatar from the gallery? Obviously this error message is only meant when uploading avatars. If you have problems after updating let us know.

sak · Worker Joined: Jul 06, 2005 Posts: 167

Update complete -- but I'm still getting this message when I try to use the gallery. :\

I'm also getting a new bug -- having this:

Code:

ï»¿

at the top of all my pages. You can see it at

Only registered users can see links on this board!
Get registered or login to the forums!

nuken · Posted: Thu Nov 19, 2009 6:32 am

Try this

Only registered users can see links on this board!
Get registered or login to the forums!

sak · Worker Joined: Jul 06, 2005 Posts: 167

Fixed!! Thanks a lot, nuken. Can't believe I didn't see that thread Surprised

myrtletrees · Posted: Fri May 06, 2011 12:41 pm

Interesting. I get this error when I go into Nuke Sentinel and try to "IP2C Update Tracked IP's"..Step 1 of 1 completes then the page flips to the error message:

CSRF check failed. Please enable cookies.
If the problem persists, please contact the server/website administrator

Cookies ARE enabled in my browser and there is no option at all in my rnconfig file to turn off CSRF checking.

I am running RN 2.40.01

EDIT: Actually, I get that error when I try any of the IP2C update options.

Guardian2003 · Posted: Sat May 07, 2011 6:36 am

I just tried this and can reproduce the issue every time.

Palbin · Posted: Sat May 07, 2011 12:20 pm

I could have sworn we fixed this before. I will look at it.

Palbin · Posted: Sat May 07, 2011 7:33 pm

myrtletrees, replace your includes/tengnuke/shortlinks/shortlinks.php with this one

Only registered users can see links on this board!
Get registered or login to the forums!

, and let me know how if that corrects the problem.

myrtletrees · Posted: Mon May 09, 2011 10:10 am

Palbin wrote:

myrtletrees, replace your includes/tengnuke/shortlinks/shortlinks.php with this one

Only registered users can see links on this board!
Get registered or login to the forums!

, and let me know how if that corrects the problem.

Got no error that time. Thanks!

Guardian2003 · Posted: Mon May 09, 2011 10:57 am

Palbin wrote:

I could have sworn we fixed this before. I will look at it.

So did I so your not on your own in that thought.

montego · Posted: Thu May 12, 2011 8:05 am

I won't get to releasing ShortLinks 1.3.0 this weekend (am tied up elsewhere), but will try and release it next week. It is currently in the hands of the RN Team for evaluation, but looks like I may need to get it out sooner rather than later. Thanks for testing this!

killing-hours · Posted: Thu May 12, 2011 8:18 am

montego wrote:

I won't get to releasing ShortLinks 1.3.0 this weekend (am tied up elsewhere), but will try and release it next week. It is currently in the hands of the RN Team for evaluation, but looks like I may need to get it out sooner rather than later. Thanks for testing this!

Looking forward to that release! I'm assuming it will address the inline we discussed on your site?

montego · Posted: Sat May 14, 2011 4:27 pm

killing-hours wrote:

I'm assuming it will address the inline we discussed on your site?

Yes, it addresses that issue.

neralex · Worker Joined: Aug 22, 2007 Posts: 197 Location: Germany

hey!

i have the error occasionally in the news-module, if i want save a new story. most i have more admin.php tabs open in my browser. the fix in the your_account module was set. the output buffering = 4096.

how can i fix it?

Crying or Very sad

nuken · Posted: Sat Jul 30, 2011 9:30 am

What version of RN are you using?

spasticdonkey · Posted: Sat Jul 30, 2011 9:41 am

are you using firefox? it has been known to be overly-aggressive with it's cache and may be pulling a cached version of the page. If you have mod_header and mod_expires enabled on your server you could edit htaccess to include this, it may help.

Code:

<IfModule mod_expires.c>
ExpiresActive On
# ExpiresDefault A86400
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/css "access plus 5 minutes"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType text/plain "access plus 15 minutes"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType video/x-flv "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
# ExpiresByType text/html "access plus 5 minutes"
ExpiresByType text/javascript "access plus 5 minutes"
ExpiresByType application/x-javascript "access plus 5 minutes"
# Force no caching for dynamic files
<FilesMatch "\.(php|cgi|pl|html)$">
ExpiresActive Off
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>
</IfModule>

there also some browser tweaks that may help as well.

Only registered users can see links on this board!
Get registered or login to the forums!

nuken · Posted: Sat Jul 30, 2011 9:46 am

The csrf token expires after 2 hours. If you have the submit news window open more than 2 hours before you save it, it will not submit. The expire time can be adjusted, but 2 hours is a reasonable amount of time.

neralex · Worker Joined: Aug 22, 2007 Posts: 197 Location: Germany

hey nuken & spasticdonkey!

its a RavenNuke(tm) v2.40.01
yes, i using firefox

i will try it with htacess issue and with the browser tweaks.

thanks for info about the expire time!

Razz