Access Denied: Possible CSRF Attack

 
  • swifty
  • Advanced Member
  • Trial users
  • Join Date: 30-Mar 13
  • 138 posts

Posted 27 March 2018 - 09:35 AM #1

When I select either Theme Editor or Edit content on site in Design - Themes, I get an error pop-up message "Error access denied: Possible CSRF attack" and can't access these two facilities.

Is this a CS-Cart or server problem, and how can this be fixed?



 
  • Takestock
  • Senior Member
  • Members
  • Join Date: 08-Nov 13
  • 449 posts

Posted 27 March 2018 - 09:43 AM #2

http://forum.cs-cart...le-csrf-attack/



 
  • swifty
  • Advanced Member
  • Trial users
  • Join Date: 30-Mar 13
  • 138 posts

Posted 27 March 2018 - 10:15 AM #3

 


 

Thanks for the link, but I am getting the CSRF error when trying to use a facility and not uploading images etc. I am not on a VPS or dedicated server either.

I did contact the third party who developed the site for me and they suggested the CSRF be disabled in CS-Cart; when I asked about the consequences they said the site would be vulnerable to CSRF attack, which is defeating the CSRF facility. Surely there's a way to keep the CSRF prevention and to be able to administrate the theme editor etc.



 
  • Takestock
  • Senior Member
  • Members
  • Join Date: 08-Nov 13
  • 449 posts

Posted 27 March 2018 - 11:24 AM #4

If you are not on a VPS etc., then it could still be, and more than likely is, the same issue; the same settings are applicable to shared hosting but are controlled by your provider.

You can look at what settings are applicable; follow this https://www.inmotion...ee-php-settings.

If they are not sufficient then you can ask the host to change them. If they won't, then you will have to move hosts.

 

Alan 



 
  • swifty
  • Advanced Member
  • Trial users
  • Join Date: 30-Mar 13
  • 138 posts

Posted 28 March 2018 - 07:14 PM #5

Contacted my host, who checked the server settings and confirmed they were as follows:

 

upload_max_filesize = 100M

post_max_size = 100M

max_input_vars = 10000;

 

Whilst they were checking they also upped the PHP version from 5.6 to 7.1 to speed things up, but I am still getting the CSRF error when selecting either Theme Editor or Edit content on site in Design - Themes.

I have contacted the company who did the upgrade in February to see if they can help, as at the minute nobody seems to have a concrete answer and I can't believe the default CS-Cart would have this problem or bug?



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 10557 posts

Posted 29 March 2018 - 12:25 AM #6

Try clearing the cookies for your site. The CSRF message is triggered when the session keys don't match the cookies.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.
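
The check described in post #6, as an added example that is not part of the thread and is not CS-Cart's own code: a generic session-bound CSRF token check in PHP, showing why a legitimate admin request is refused when the browser's session cookie and the token carried by the page no longer belong to the same session. The function names, the in-memory session store and the sample values are assumptions constructed for illustration.

```php
<?php
// Generic synchronizer-token sketch; NOT CS-Cart's implementation.
// All names and sample values below are constructed for this illustration.

// Stand-in for server-side session storage: session id (from the cookie) => data.
$sessions = [];

function start_session(array &$sessions): string
{
    $sid = bin2hex(random_bytes(16));                         // sent to the browser as the session cookie
    $sessions[$sid] = ['csrf' => bin2hex(random_bytes(32))];  // token embedded in every admin form
    return $sid;
}

function check_request(array $sessions, ?string $cookieSid, array $post): string
{
    // No cookie, or a cookie that points at no live session: nothing to compare against.
    if ($cookieSid === null || !isset($sessions[$cookieSid])) {
        return 'denied: no matching session for cookie';
    }
    // The token field never reached the server.
    if (!isset($post['csrf']) || !is_string($post['csrf'])) {
        return 'denied: token missing from request';
    }
    // Constant-time comparison of the session's token with the submitted one.
    return hash_equals($sessions[$cookieSid]['csrf'], $post['csrf'])
        ? 'accepted'
        : 'denied: token does not match session';
}

$sid   = start_session($sessions);
$token = $sessions[$sid]['csrf'];   // the token the rendered admin page carries

// 1. Cookie and page token come from the same session.
echo check_request($sessions, $sid, ['csrf' => $token]), PHP_EOL;

// 2. The browser presents a cookie for a different session than the page was built for.
$otherSid = start_session($sessions);
echo check_request($sessions, $otherSid, ['csrf' => $token]), PHP_EOL;

// 3. The browser does not send the session cookie at all.
echo check_request($sessions, null, ['csrf' => $token]), PHP_EOL;

// 4. The token field is absent from the submitted data.
echo check_request($sessions, $sid, ['theme' => 'responsive']), PHP_EOL;
```

Cases 2 to 4 are all refused without any attacker involved, which is why clearing cookies or testing in another browser separates a client-side session problem from a server-side one while leaving the protection enabled.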


 
  • swifty
  • Advanced Member
  • Trial users
  • Join Date: 30-Mar 13
  • 138 posts

Posted 29 March 2018 - 08:01 AM #7

When you said clear cookies I assume you meant the browser cookies?

Anyway, opened the site admin in Firefox to use the theme editor and it works, so went back to Explorer 11, cleared browser history etc., but still not working.

It must be something to do with Explorer 11.



 
  • FDGWEB
  • Junior Member
  • Authorized Reseller
  • Join Date: 20-Aug 10
  • 125 posts

Posted 29 March 2018 - 04:14 PM #8

After you clean cookies you can also try incognito mode in Chrome or a Private Window in IE/Edge.


FDG Web, Inc - Seattle Web Design : Custom CS-Cart Programming & Design | Toll-Free: 877.239.3083

Download Proposal Templates & Web Design Contract Samples