• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
CSRF The action you have requested is not allowed

#4
Quote:I know this has been asked a bit but can not find suitable solution.

When I submit form and if there is a error and then reload page it shows

So is this what is happening?

1. Page loads
2. Form submitted
3. Page loads with error messages
4. You manually press 'reload page'
5. Get CSRF error

If so, then yes, this is what it should be doing.

1. Page loads (CSRF set to 'abc...')
2. Form submitted (CSRF checked, passes, reset to 'xyz...')
3. Page loads with error messages (Plus new CSRF code 'xyz...')
4. You manually press 'reload page' (Tries to reload the original post with 'abc' code)
5. Get CSRF error (CSRF checked, fails as sending 'abc...' but expecting 'xyz...')

The only way to alter this behavior is to not reset the CSRF code automatically, which I do not recommend doing. What you are trying to overcome is exactly what CSRF is there to prevent, posting of form data that was either already posted or did not originate from the server.

Sorry if that is not much help. What would represent a 'suitable solution' for you, how would you want it to behave?

Paul.
Reply


Messages In This Thread
RE: CSRF The action you have requested is not allowed - by PaulD - 09-25-2016, 10:07 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.