CSRF check failed. Please enable cookies.



  • I've been getting this error (CSRF check failed. Please enable cookies.) in the last snapshot that I installed (2.0-BETA4-2g-20101110-0037) for quite a few action, like in

    Diagnostics: System Activity
    Diagnostics: PFTop

    with the Country Block also

    among others.

    I've tried Chrome, Firefox and IE with the same results.



  • I have the same issue.  May be a permissions issue w/ PHP files.

    Am updating to today's snapshot and will see if that improves anything.

    EDIT: Nope.  Same Problem.  Will try to roll back to previous snapshot.

    EDIT #2: Jumped all the way back to the Sept 27 build and Country Block is back again.

    NV


  • Rebel Alliance Developer Netgate

    The CSRF protection was added for security reasons, some features and packages will need fixed to work in the new setup.



  • Jim - Can you describe how the new CSRF protection affects automatically backing up the config.xml file from a pfSense system as described here:

    http://doc.pfsense.org/index.php/Remote_Config_Backup#Pulling_on_2.0

    The new protection seems to vitiate those instructions.



  • Hello,
    this seems to affect the front page too. Everything displays OK after a manual page reload but after the first auto-refresh, the following happens:

    Version 2.0-BETA4 (amd64) built on Fri Nov 12 18:33:07 UTC 2010 FreeBSD 8.1-RELEASE-p1
    Platform pfSense
    CPU Type Intel(R) Xeon(R) CPU L3426 @ 1.87GHz
    Uptime undefined
    Current date/time undefined
    DNS server(s)
    Last config change Sat Nov 13 9:53:39 GMT 2010
    State table size undefined Show states
    MBUF Usage 24593 /26887
    CPU usage left barred bargray barright bar  Warning: require_once(csrf/csrf-magic.php): failed to open stream: No such file or directory in /usr/local/www/guiconfig.inc on line 37  Fatal error: require_once(): Failed opening required 'csrf/csrf-magic.php' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /usr/local/www/guiconfig.inc on line 37 %
    Memory usage left barred bargray barright bar  undefined%
    SWAP usage left barred bargray barright bar  0%
    Disk usage left barred bargray barright bar   0%

    Regards,
    john

    EDIT Not sure what's going on. That was right after an upgrade from Oct 27, on Linux + Firefox, in the same browser tab, just pressing Reload. I've restarted Firefox, and I can't reproduce the error. I'll leave this here in case it can help tracking a transient bug…


  • Rebel Alliance Developer Netgate

    @Boolah:

    Jim - Can you describe how the new CSRF protection affects automatically backing up the config.xml file from a pfSense system as described here:

    http://doc.pfsense.org/index.php/Remote_Config_Backup#Pulling_on_2.0

    The new protection seems to vitiate those instructions.

    I haven't tried it, but that may still work because wget is actually making a login session and storing cookies, it should also be submitting the csrf token in the process.


  • Rebel Alliance Developer Netgate

    @John:

    EDIT Not sure what's going on. That was right after an upgrade from Oct 27, on Linux + Firefox, in the same browser tab, just pressing Reload. I've restarted Firefox, and I can't reproduce the error. I'll leave this here in case it can help tracking a transient bug…

    Another dev saw a similar issue with Chrome due to browser caching. Not sure if it cached the javascript or what, but the cache had to be completely wiped out before their dashboard returned to normal.



  • Had this problem every time I tried to log in using Firefox. Manually deleting the cookies worked for me.


Log in to reply