CSRF check failed. Please enable cookies.

lebel · Nov 10, 2010, 11:11 PM

I've been getting this error (CSRF check failed. Please enable cookies.) in the last snapshot that I installed (2.0-BETA4-2g-20101110-0037) for quite a few action, like in

Diagnostics: System Activity
Diagnostics: PFTop

with the Country Block also

among others.

I've tried Chrome, Firefox and IE with the same results.

NoahVail · Nov 11, 2010, 11:49 PM

I have the same issue. May be a permissions issue w/ PHP files.

Am updating to today's snapshot and will see if that improves anything.

EDIT: Nope. Same Problem. Will try to roll back to previous snapshot.

EDIT #2: Jumped all the way back to the Sept 27 build and Country Block is back again.

NV

jimp · Nov 12, 2010, 5:47 PM

The CSRF protection was added for security reasons, some features and packages will need fixed to work in the new setup.

Boolah · Nov 13, 2010, 9:23 AM

Jim - Can you describe how the new CSRF protection affects automatically backing up the config.xml file from a pfSense system as described here:

http://doc.pfsense.org/index.php/Remote_Config_Backup#Pulling_on_2.0

The new protection seems to vitiate those instructions.

littlejohn · Nov 13, 2010, 10:53 AM

Hello,
this seems to affect the front page too. Everything displays OK after a manual page reload but after the first auto-refresh, the following happens:

Version 2.0-BETA4 (amd64) built on Fri Nov 12 18:33:07 UTC 2010 FreeBSD 8.1-RELEASE-p1
Platform pfSense
CPU Type Intel(R) Xeon(R) CPU L3426 @ 1.87GHz
Uptime undefined
Current date/time undefined
DNS server(s)
Last config change Sat Nov 13 9:53:39 GMT 2010
State table size undefined Show states
MBUF Usage 24593 /26887
CPU usage left barred bargray barright bar Warning: require_once(csrf/csrf-magic.php): failed to open stream: No such file or directory in /usr/local/www/guiconfig.inc on line 37 Fatal error: require_once(): Failed opening required 'csrf/csrf-magic.php' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /usr/local/www/guiconfig.inc on line 37 %
Memory usage left barred bargray barright bar undefined%
SWAP usage left barred bargray barright bar 0%
Disk usage left barred bargray barright bar 0%

Regards,
john

EDIT Not sure what's going on. That was right after an upgrade from Oct 27, on Linux + Firefox, in the same browser tab, just pressing Reload. I've restarted Firefox, and I can't reproduce the error. I'll leave this here in case it can help tracking a transient bug…

jimp · Nov 13, 2010, 1:12 PM

@Boolah:

Jim - Can you describe how the new CSRF protection affects automatically backing up the config.xml file from a pfSense system as described here:

http://doc.pfsense.org/index.php/Remote_Config_Backup#Pulling_on_2.0

The new protection seems to vitiate those instructions.

I haven't tried it, but that may still work because wget is actually making a login session and storing cookies, it should also be submitting the csrf token in the process.

jimp · Nov 13, 2010, 1:13 PM

@John:

EDIT Not sure what's going on. That was right after an upgrade from Oct 27, on Linux + Firefox, in the same browser tab, just pressing Reload. I've restarted Firefox, and I can't reproduce the error. I'll leave this here in case it can help tracking a transient bug…

Another dev saw a similar issue with Chrome due to browser caching. Not sure if it cached the javascript or what, but the cache had to be completely wiped out before their dashboard returned to normal.

ice · Nov 22, 2010, 2:49 PM

Had this problem every time I tried to log in using Firefox. Manually deleting the cookies worked for me.