Welcome Guest, Not a member yet? Register   Sign In
Error at Login - "The action you requested is not allowed
#17

(This post was last modified: 02-13-2023, 03:52 AM by spreaderman.)

I very much appreciate additional comments from luckmoshy and InsiteFX.

I think I isolated the problem.  It was difficult to find.  Sometimes I could log in and sometime log in would not work.  It seems to work when I used www.example.com but not example.com (with www removed).  What is the best way to handle this?  I also notied the error on my debug bar about CORS occurs in the same way, namely, when I remove www if produces an error as mentioned before.

Also, luckymoshy and all, I have some questions as follows;

In my dotenv file I have added;

Code:
app.CSRFProtection  = true
app.CSRFTokenName  = 'csrf_example_token'
app.CSRFCookieName  = 'csrf_example_cookie'
app.CSRFExpire      = 7200
app.CSRFRegenerate  = true
app.CSRFExcludeURIs = []
app.CSRFSameSite    = 'Lax'

see above names, but when I look at my login form in which I use form_open to auto generate csrf, the name is different.  It is called csrf_test_name. 

Code:
<input type="hidden" name="csrf_test_name" value="53fd0c2c[snipsnip]10ad" />
Reply


Messages In This Thread
RE: Error at Login - "The action you requested is not allowed - by spreaderman - 02-13-2023, 03:50 AM



Theme © iAndrew 2016 - Forum software by © MyBB