thorsten / phpMyFAQ

phpMyFAQ - Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases
https://www.phpmyfaq.de
Mozilla Public License 2.0

Categories won't save due to csrfToken #2965

Closed tolew1 closed 4 months ago

tolew1 commented 4 months ago

I really hate to keep reporting issues with the CSRF token, but it just persists. I don't know why.

Version: 3.2.6
Browser: MS EDGE - Version 124.0.2478.80 (Official build) (64-bit)
OS: Windows 10 Pro
Server OS: AlmaLinux release 9.3
DB: PG 16
PHP Version: 8.3.4

I'm not doing anything special, but I keep having to remove code dealing with the CSRF token for it to work properly. @thorsten you mentioned last time we shouldn't be disabling security features, and I agree, but if I can't save records, what's the point?

In order for me to save configs, I had to remove the CSRF check; now the same for categories. When I dump or print this out when trying to save a category:

 Token::getInstance()->verifyToken('save-category', $csrfToken)

It's always blank, hence it will never pass the condition on line 70 of category.main.php.

 // Save a new category
 if ($action === 'savecategory' && Token::getInstance()->verifyToken('save-category', $csrfToken)) {

Of course, once the token check is removed it works fine. What do I need to do to finally get CSRF token checks working? I've had to remove it from every install I've ever done. But I typically only had issues saving the config; now it's categories too. I'm not changing any core code. Just theme templates.

thorsten commented 4 months ago

So, the value of $csrfToken is always empty?

thorsten commented 4 months ago

I found the issue. Looks like the cookie fallback for CSRF tokens doesn't work for you. I found the issue for the empty token.

tolew1 commented 4 months ago

That's good to hear. Thanks
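
An added example, not part of the thread and not phpMyFAQ's code: a simplified stand-in for a per-page CSRF check with a session store and a cookie fallback, which reports why verification failed so an empty submitted token can be told apart from a missing stored token without removing the check. The function `checkCsrf`, the enum `CsrfResult`, the `csrf-` cookie naming and the sample data are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical model of a per-page CSRF check; NOT phpMyFAQ's Token class.
enum CsrfResult: string
{
    case Ok = 'ok';
    case SubmittedEmpty = 'submitted token is empty';
    case NothingStored = 'no stored token for this page';
    case Mismatch = 'submitted token does not match stored token';
}

/**
 * @param array<string,string> $session server-side tokens, keyed by page name
 * @param array<string,string> $cookies fallback copies, keyed by cookie name
 */
function checkCsrf(string $page, ?string $submitted, array $session, array $cookies): CsrfResult
{
    // An empty request value can never verify, whatever the server has stored.
    if ($submitted === null || $submitted === '') {
        return CsrfResult::SubmittedEmpty;
    }
    // Session first, then the cookie fallback (cookie name scheme is assumed).
    $stored = $session[$page] ?? $cookies['csrf-' . $page] ?? null;
    if (!is_string($stored) || $stored === '') {
        return CsrfResult::NothingStored;
    }
    // Constant-time comparison of the stored value against the submitted one.
    return hash_equals($stored, $submitted) ? CsrfResult::Ok : CsrfResult::Mismatch;
}

// Constructed sample data: one token, delivered (or lost) in different ways.
$token = bin2hex(random_bytes(16));
$cases = [
    'session token, valid post' => [$token, ['save-category' => $token], []],
    'cookie fallback only'      => [$token, [], ['csrf-save-category' => $token]],
    'form field arrived empty'  => ['', ['save-category' => $token], []],
    'session and cookie lost'   => [$token, [], []],
    'stale token in form'       => ['deadbeef', ['save-category' => $token], []],
];

foreach ($cases as $label => [$submitted, $session, $cookies]) {
    $result = checkCsrf('save-category', $submitted, $session, $cookies);
    // Every result except Ok rejects the request; the reason goes to the log.
    printf("%-26s => %s\n", $label, $result->value);
}
```

Only the first two cases are accepted; the other three are rejected, each with a different logged reason that points at the request side or the storage side.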