Error at Login - "The action you requested is not allowed |
I very much appreciate additional comments from luckmoshy and InsiteFX.
I think I isolated the problem. It was difficult to find. Sometimes I could log in and sometime log in would not work. It seems to work when I used www.example.com but not example.com (with www removed). What is the best way to handle this? I also notied the error on my debug bar about CORS occurs in the same way, namely, when I remove www if produces an error as mentioned before. Also, luckymoshy and all, I have some questions as follows; In my dotenv file I have added; Code: app.CSRFProtection = true see above names, but when I look at my login form in which I use form_open to auto generate csrf, the name is different. It is called csrf_test_name. Code: <input type="hidden" name="csrf_test_name" value="53fd0c2c[snipsnip]10ad" /> |
Welcome Guest, Not a member yet? Register Sign In |