Hey guys,
I have been in the process of setting up more product for my website. I have had no such errors previously.
When updating some pictures for the "option combination" tab, it takes me back to my dashboard and has this message in red "ErrorAccess denied: Possible CSRF attack"
Anyone know this came up all of a sudden, and how to get rid of it?
Thanks
We've seen this ... if you have a VPS or dedicated server you should check the value of max_post_size & max_input_vars.
Increase both of them until you no longer see that error.
If you do not have access to this setting ... look for.. or create a php.ini file and adjust there.
The values will look like:
upload_max_filesize = 10M
post_max_size = 10M
max_input_vars = 10000;
Thank you for your reply, that was the problem. all fixed now.
I am not on VPS or dedicated server, but I encountered similar error when adding options. This happens when I am trying to add more than 70 product options. Is there any maximum product options?
I am not on VPS or dedicated server, but I encountered similar error when adding options. This happens when I am trying to add more than 70 product options. Is there any maximum product options?
See the FDGWEB reply,
The more products/options/features you have on a page the bigger values should be.
I suppose if you update values accordingly to FDGWEB suggestion everything should work.
Glad we could help. :)
I've made everything as suggested but its still doesn work. Whn one clicks login to account via popup - results ends with CRSF erroR message
max_input_vars
10000
post_max_size
20M
upload_max_filesize
16M
PLEASE HELP!!!!!
I've made everything as suggested but its still doesn work. Whn one clicks login to account via popup - results ends with CRSF erroR message
max_input_vars 10000 post_max_size 20M upload_max_filesize 16M
PLEASE HELP!!!!!
Speak to your host they can fix it
Speak to your host they can fix it
what they can fix ? i manage server myself and made all values as suggested, is doesn't helped at all
your call
Have you verfied that after setting those values that they are in fact being set? If you make them too big, there are compiled limits in PHP that will reject the request for increase. Using 20M is probably overkill.
yes, all set. actually to me all this requirements make no sense at all as i just have problem only when
i click - my account - login, and when entered login/password i get this error!
login/password entered Karl! not 10000 vars or post body > 10M just simple login form, so problem is not there
When i click on link Login and enter login password - i see error
access Denied: Possible Csrf Attack
but normal web login form works ok
whats wrong ?
started to happen after last upgrade, using UniTheme
This notice appears if security_hash parameter is missing in the POST request. In most cases it happens if server truncates the request. The above solutions shoul help to resolve the problem. In some cases you may also need to increase the value of the pcre.backtrack_limit PHP directive.
If this does not help, please contact us via Help desk and provide access to your server so that we could examine the issue.
When i click on link Login and enter login password - i see error
access Denied: Possible Csrf Attack
but normal web login form works ok
whats wrong ?
started to happen after last upgrade, using UniTheme
you are right security_hash is not sent, have no idea why. sent support questiosn to all - cs-cart and uniTheme dont know whos bug is it
I see this on occasion with clients who let their browsers auto-fill their logins. I.e. the return_url is either invalid or is not valid for that account. I always suggest that they simply strip any admin login down to the example.com/admin.php (adjusted for your site). I generally have NOT seen it when someone tries to access an admin page but their session has expired which then causes the redirect to login with the return_url being the page they were on.
Hope that helps.
ErrorAccess denied: Possible CSRF attack
Hi how to fix this... when I do key-in logistic database for Shipping method > shipping time and rates > show rates for rate area > weight dependencies :
I key-in to many line by line from 0kg to 30kg when I save all lost. page bring me to main Dashboard and
ErrorAccess denied: Possible CSRF attack <<< this notification come out ...
I see this on occasion with clients who let their browsers auto-fill their logins. I.e. the return_url is either invalid or is not valid for that account. I always suggest that they simply strip any admin login down to the example.com/admin.php (adjusted for your site). I generally have NOT seen it when someone tries to access an admin page but their session has expired which then causes the redirect to login with the return_url being the page they were on.
Hope that helps.
Our customers complained about CSRF attack error when login.
I can reproduce this error on https sites when login is made with popup (My account->Sign in) when "Remember me" option is offered and checked.
Procedure is this:
- sign in as customer with popup login on https site, check "Remember me" box
- save your password with username
- sign out
- clear cookies and sessions in browser
- sign in as customer with popup login and use browser saved username and password
The result is an error: Access denied. Possible CSRF attack. I reproduced this in latest Chrome, Edge and Firefox browser.
Does anyone have a solution to this?
Thank you!
ErrorAccess denied: Possible CSRF attack
i have the same issue, I edited the php.ini as following
Hi.
Same problem here too. Losing plenty of money whilst this is happening. Firstly a customer was getting a "Error. Sorry, the anti-bot validation has failed. If you’re seeing this message, please contact us and let us know about it.
This I read could be something in regards Google Captcha. So I removed the Captcha from Login.
My customer then got the same as above.
"Error Access denied: Possible CSRF attack.
Help is really needed here please.