4
Posted 21 February 2016 - 08:52 PM #1
Hey guys,
I have been in the process of setting up more product for my website. I have had no such errors previously.
When updating some pictures for the "option combination" tab, it takes me back to my dashboard and has this message in red "ErrorAccess denied: Possible CSRF attack"
Anyone know this came up all of a sudden, and how to get rid of it?
Thanks
Posted 22 February 2016 - 05:17 PM #2
We've seen this ... if you have a VPS or dedicated server you should check the value of max_post_size & max_input_vars.
Increase both of them until you no longer see that error.
If you do not have access to this setting ... look for.. or create a php.ini file and adjust there.
The values will look like:
upload_max_filesize = 10M
post_max_size = 10M
max_input_vars = 10000;
Posted 23 February 2016 - 05:37 AM #3
Thank you for your reply, that was the problem. all fixed now.
Posted 17 March 2016 - 03:35 PM #4
Posted 18 March 2016 - 08:06 AM #5
I am not on VPS or dedicated server, but I encountered similar error when adding options. This happens when I am trying to add more than 70 product options. Is there any maximum product options?
See the FDGWEB reply,
The more products/options/features you have on a page the bigger values should be.
I suppose if you update values accordingly to FDGWEB suggestion everything should work.
Posted 05 April 2016 - 10:32 PM #6
Glad we could help. 
Posted 09 November 2017 - 01:55 PM #7
I've made everything as suggested but its still doesn work. Whn one clicks login to account via popup - results ends with CRSF erroR message
max_input_vars 10000 post_max_size 20M upload_max_filesize 16M
PLEASE HELP!!!!!
Posted 09 November 2017 - 03:13 PM #8
I've made everything as suggested but its still doesn work. Whn one clicks login to account via popup - results ends with CRSF erroR message
max_input_vars 10000 post_max_size 20M upload_max_filesize 16M
PLEASE HELP!!!!!
Speak to your host they can fix it
Custom printed hi visibility clothing sale the UK's online hivis safety shop
v4.5.2
Posted 09 November 2017 - 03:15 PM #9
Speak to your host they can fix it
what they can fix ? i manage server myself and made all values as suggested, is doesn't helped at all
Posted 09 November 2017 - 05:22 PM #10
your call
Custom printed hi visibility clothing sale the UK's online hivis safety shop
v4.5.2
Posted 09 November 2017 - 10:22 PM #11
Have you verfied that after setting those values that they are in fact being set? If you make them too big, there are compiled limits in PHP that will reject the request for increase. Using 20M is probably overkill.
EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.
Posted 10 November 2017 - 10:52 AM #12
yes, all set. actually to me all this requirements make no sense at all as i just have problem only when
i click - my account - login, and when entered login/password i get this error!
login/password entered Karl! not 10000 vars or post body > 10M just simple login form, so problem is not there
Posted 10 November 2017 - 10:58 AM #13
When i click on link Login and enter login password - i see error
access Denied: Possible Csrf Attack
but normal web login form works ok
whats wrong ?
started to happen after last upgrade, using UniTheme
Posted 10 November 2017 - 12:33 PM #14
This notice appears if security_hash parameter is missing in the POST request. In most cases it happens if server truncates the request. The above solutions shoul help to resolve the problem. In some cases you may also need to increase the value of the pcre.backtrack_limit PHP directive.
If this does not help, please contact us via Help desk and provide access to your server so that we could examine the issue.
When i click on link Login and enter login password - i see error
access Denied: Possible Csrf Attack
but normal web login form works ok
whats wrong ?
started to happen after last upgrade, using UniTheme
Posted 10 November 2017 - 12:57 PM #15
you are right security_hash is not sent, have no idea why. sent support questiosn to all - cs-cart and uniTheme dont know whos bug is it
Posted 10 November 2017 - 08:45 PM #16
I see this on occasion with clients who let their browsers auto-fill their logins. I.e. the return_url is either invalid or is not valid for that account. I always suggest that they simply strip any admin login down to the example.com/admin.php (adjusted for your site). I generally have NOT seen it when someone tries to access an admin page but their session has expired which then causes the redirect to login with the return_url being the page they were on.
Hope that helps.
EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.
Sign In