Access Denied: Possible CSRF Attack

When I select either Theme Editor or Edit content on site in Design - Themes, I get an error pop-up message "Error access denied: Possible CSRF attack" and can't access these two facilities.

Is this a CS-Cart or server problem, and how can this be fixed?

http://forum.cs-cart.com/topic/43754-erroraccess-denied-possible-csrf-attack/

Thanks for the link, but I am getting the CSRF error when trying to use a facility, not when uploading images etc. I am not on a VPS or dedicated server either.

I did contact the third party who developed the site for me and they suggested the CSRF be disabled in CS-Cart. When I asked about the consequences, they said the site would be vulnerable to CSRF attack, which is defeating the CSRF facility. Surely there's a way to keep the CSRF prevention and to be able to administrate the theme editor etc.

If you are not on a VPS etc., then it could still be, and more than likely is, the same issue. The same settings are applicable to shared hosting but are controlled by your provider.

You can look at what settings are applicable; follow this: https://www.inmotionhosting.com/support/website/php/create-phpinfo-page-to-see-php-settings

If they are not sufficient then you can ask the host to change them. If they won't, then you will have to move hosts.

Alan

Contacted my host, who checked the server settings and confirmed they were as follows:

upload_max_filesize = 100M

post_max_size = 100M

max_input_vars = 10000;

Whilst they were checking they also upped the PHP version from 5.6 to 7.1 to speed things up, but I am still getting the CSRF error when selecting either Theme Editor or Edit content on site in Design - Themes.

I have contacted the company who did the upgrade in February to see if they can help, as at the minute nobody seems to have a concrete answer and I can't believe the default CS-Cart would have this problem or bug?

Try clearing the cookies for your site. CSRF message is triggered when the session keys don't match the cookies.

When you said clear cookies, I assume you meant the browser cookies?

Anyway, I opened the site admin in Firefox to use the theme editor and it works, so I went back to Explorer 11 and cleared browser history etc., but it is still not working.

It must be something to do with Explorer 11.

After you clean cookies, you can also try incognito mode in Chrome or a Private Window in IE/Edge.
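
An added illustration, not part of the thread and not CS-Cart's own code: a minimal session-bound CSRF check that reports why a request would be refused, covering the stale or rejected cookie case raised above and, as an assumption about why the PHP limits discussed earlier could matter, a token field dropped by `max_input_vars`. The function names and the `csrf_token` field are hypothetical, and the server-side session is modelled as a plain array.

```php
<?php
// Added illustration, not CS-Cart code. Function names and the csrf_token
// field are hypothetical; the server-side session is modelled as an array.

/** Store a fresh random token in the session and return it for the form. */
function issueToken(array &$session)
{
    $session['csrf_token'] = bin2hex(random_bytes(16));
    return $session['csrf_token'];
}

/** Return 'ok', or the reason a state-changing request would be refused. */
function checkCsrf(array $session, array $post)
{
    if (!isset($session['csrf_token'])) {
        return 'no token in session: cookie missing, blocked or expired';
    }
    if (!isset($post['csrf_token'])) {
        return 'no token in request: field never reached $_POST';
    }
    // hash_equals() compares the two strings in constant time.
    return hash_equals($session['csrf_token'], (string) $post['csrf_token'])
        ? 'ok'
        : 'token mismatch: form was rendered for a different session';
}

/** Model max_input_vars: PHP keeps only the first $limit input fields. */
function applyMaxInputVars(array $fields, $limit)
{
    return array_slice($fields, 0, $limit, true);
}

// Constructed sessions: A rendered the form, B is what a stale cookie maps to.
$sessionA = [];
$sessionB = [];
$tokenA = issueToken($sessionA);
issueToken($sessionB);

echo checkCsrf($sessionA, ['csrf_token' => $tokenA]), PHP_EOL; // same session
echo checkCsrf($sessionB, ['csrf_token' => $tokenA]), PHP_EOL; // stale cookie
echo checkCsrf([], ['csrf_token' => $tokenA]), PHP_EOL;        // cookie rejected

// Constructed large form with the token as its last field.
$fields = [];
for ($i = 1; $i <= 1200; $i++) {
    $fields["field_$i"] = 'x';
}
$fields['csrf_token'] = $tokenA;
echo checkCsrf($sessionA, applyMaxInputVars($fields, 1000)), PHP_EOL;  // low limit
echo checkCsrf($sessionA, applyMaxInputVars($fields, 10000)), PHP_EOL; // host's value
```

Each rejection reason points at a different place to look (the browser's cookie handling, the session store, or the PHP input limits) while the check itself stays enabled.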