[davidqwerty]

Hey guys, 

 

I have been in the process of setting up more product for my website. I have had no such errors previously. 

 

When updating some pictures for the "option combination" tab, it takes me back to my dashboard and has this message in red "ErrorAccess denied: Possible CSRF attack"

 

Anyone know this came up all of a sudden, and how to get rid of it?

 

Thanks

[FDGWEB]

We've seen this ... if you have a VPS or dedicated server you should check the value of max_post_size & max_input_vars. 

 

Increase both of them until you no longer see that error.

 

If you do not have access to this setting ... look for.. or create a php.ini file and adjust there.

 

The values will look like:

 

upload_max_filesize = 10M

post_max_size = 10M

max_input_vars = 10000;

[davidqwerty]

Thank you for your reply, that was the problem. all fixed now.

[BearBug]

I am not on VPS or dedicated server, but I encountered similar error when adding options. This happens when I am trying to add more than 70 product options. Is there any maximum product options?

[imac]

I am not on VPS or dedicated server, but I encountered similar error when adding options. This happens when I am trying to add more than 70 product options. Is there any maximum product options?

See the FDGWEB reply,

The more products/options/features you have on a page the bigger values should be.

I suppose if you update values accordingly to FDGWEB suggestion everything should work. 

[FDGWEB]

Glad we could help.

[netcraft]

I've made everything as suggested but its still doesn work. Whn one clicks login to account via popup - results ends with CRSF erroR message

 

max_input_vars 10000 post_max_size 20M upload_max_filesize 16M

PLEASE HELP!!!!!

[johnbol1]

I've made everything as suggested but its still doesn work. Whn one clicks login to account via popup - results ends with CRSF erroR message

 

max_input_vars 10000 post_max_size 20M upload_max_filesize 16M

PLEASE HELP!!!!!

Speak to your host they can fix it

[netcraft]

Speak to your host they can fix it

 

what they can fix ?  i manage server myself and made all values  as suggested, is doesn't helped at all

[johnbol1]

your call

[tbirnseth]

Have you verfied that after setting those values that they are in fact being set?  If you make them too big, there are compiled limits in PHP that will reject the request for increase.  Using 20M is probably overkill.

[netcraft]

yes, all set. actually to me all this requirements make no sense at all as i just have problem only when

 

i click - my account - login, and when entered login/password  i get this error!

 

login/password entered Karl! not 10000 vars or post body > 10M just simple login form, so problem is not there

[netcraft]

When i click on link Login and enter login password - i see error

 

access Denied: Possible Csrf Attack

 

but normal web login form works ok

 

whats wrong ?

 

started to happen after last upgrade, using UniTheme

 

[CS-Cart team]

This notice appears if security_hash parameter is missing in the POST request. In most cases it happens if server truncates the request. The above solutions shoul help to resolve the problem. In some cases you may also need to increase the value of the pcre.backtrack_limit PHP directive.

 

If this does not help, please contact us via Help desk and provide access to your server so that we could examine the issue.

 

When i click on link Login and enter login password - i see error

 

access Denied: Possible Csrf Attack

 

but normal web login form works ok

 

whats wrong ?

 

started to happen after last upgrade, using UniTheme

[netcraft]

you are right  security_hash  is not sent, have no idea why. sent support questiosn to all - cs-cart and uniTheme  dont know whos bug is it 

[tbirnseth]

I see this on occasion with clients who let their browsers auto-fill their logins.  I.e. the return_url is either invalid or is not valid for that account.  I always suggest that they simply strip any admin login down to the example.com/admin.php (adjusted for your site).    I generally have NOT seen it when someone tries to access an admin page but their session has expired which then causes the redirect to login with the return_url being the page they were on.

 

Hope that helps.

[Azrul Astaqkireen Haron]

ErrorAccess denied: Possible CSRF attack

 

 

 

Hi how to fix this... when I do key-in logistic database for Shipping method > shipping time and rates > show rates for rate area > weight dependencies :

 

I key-in to many line by line from 0kg to 30kg when I save all lost. page bring me to main Dashboard and  

ErrorAccess denied: Possible CSRF attack <<< this notification come out ... 

 

 

 

[Gyanprakash]

I see this on occasion with clients who let their browsers auto-fill their logins.  I.e. the return_url is either invalid or is not valid for that account.  I always suggest that they simply strip any admin login down to the example.com/admin.php (adjusted for your site).    I generally have NOT seen it when someone tries to access an admin page but their session has expired which then causes the redirect to login with the return_url being the page they were on.

 

Hope that helps.

Our customers complained about CSRF attack error when login.

I can reproduce this error on https sites when login is made with popup (My account->Sign in) when "Remember me" option is offered and checked.

 

Procedure is this:

- sign in as customer with popup login on https site, check "Remember me" box
- save your password with username
- sign out
- clear cookies and sessions in browser

- sign in as customer with popup login and use browser saved username and password

The result is an error: Access denied. Possible CSRF attack. I reproduced this in latest Chrome,  Edge and Firefox browser.

 

 

 

Does anyone have a solution to this?

 

Thank you!