Potential cross-site request forgery (CSRF) detected. Operation blocked. Required headers are missing.
- Status
- Open
- Subject
- Potential cross-site request forgery (CSRF) detected. Operation blocked. Required headers are missing.
- Version
- 21.x
- Category
- Error
- Feature
- Others
- Resolution status
- New
- Submitted by
- Ioannis Black
- Lastmod by
- Ioannis Black
- Rating
- Related-to
-
- Voting in a poll gives CSRF warning.
- CSRF on using module error messages
- CSRF warning blocks saving menu options
- Profile preview fails with ugly CSRF error
- CSRF Error Message displayed when adding new user to group
- Confirm action on CSRF warning causes warning to redisplay
- CSRF Error when trying to log in from the top bar
- elFinder: Can’t upload pictures on the tracker5 at dev.t.o (CSRF error)
- "The following mandatory fields are missing: Category" after anti-CSRF prompt
- Diagrams have poor usability still in 21.x LTS due CSRF and ticket expiration
- Remove "Protect against CSRF with a protective step" from the login settings page
- "GZip output" (feature_obzip) causes encoding errors in CSRF and error screens
- doc.t.o 19.x: I can't upload images to wiki pages (CSRF) with elFinder
- CSRF False positives
- Description
Hello everyone.
I'm encountering the following issue. I found some tickets regarding this message but nothing seems to be related to this specific issue.
Is this a bug or something from my side? Any clues?When I'm trying to access the page `/tiki-syslog.php` I'm getting this error message
Error message:Potential cross-site request forgery (CSRF) detected. Operation blocked. Required headers are missing.Log output:
Request to /tiki-syslog.php failed CSRF check. Requesting site could not be identified because HTTP_ORIGIN and HTTP_REFERER were empty.Server Info
- Release: Debian GNU/Linux 10 (buster)
- Database Version: 10.3.23-MariaDB-0+deb10u1
- PHP version: 7.3.19-1
Thank you very much.- Importance
- 5
- Easy to solve?
- 5
- Priority
- 25
- Demonstrate Bug (Tiki 19+)
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Accessing the Tiki instance that demonstrates this bugThe URL for the show2.tiki.org instance that demonstrates this bug is at: http://devblack-12017-7633.show2.tiki.org. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".
For the install log, see http://devblack-12017-7633.show2.tiki.org/info.txt
Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.
SnapshotsSnapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show2.tiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.
Snapshots can be accessed at: http://devblack-12017-7633.show2.tiki.org/snapshots/. Note that if you get a popup asking for a username/password, please just enter "show" and "show".
Create new snapshot - Ticket ID
- 7633
- Created
- Friday 11 December, 2020 12:32:38 GMT-0000
by Ioannis Black - LastModif
- Sunday 10 October, 2021 11:37:42 GMT-0000
Attachments
| filename | created | hits | comment | version | filetype | ||
|---|---|---|---|---|---|---|---|
| No attachments for this item | |||||||
;){kind=link}
;){kind=link}
- Feature request: Be able to exclude (by category) the pages listed in Latest Changes module
- Add a command to console.php to invalidate certain objects in the search index
- Counting items in Items List Doesn't Work due to lack of , between items
- Modals in Quartz theme are too narrow
- Tracker Currency Field not working
;){kind=link}
;){kind=link}