Error 400 CSRF token
4 months 2 weeks ago #231775
by tvalades
Error 400 CSRF token was created by tvalades
Please help us help you and fill where relevant:
Your LimeSurvey version: 5.3.29
Own server or LimeSurvey hosting: own
Survey theme/template:
==================
Since last week we are having problems with a survey that we display through an iframe on another domain.
The error (attached image) appears in the Safari browser and in incognito windows in both Chrome and Safari: https://ibb.co/cvWhc9n. In Chrome browsers it is displayed correctly.
We activate the option 'Embedded IFrames are allowed' and 'Force HTTPS' in the Security section of the global configuration and add the following code:
    'session' => array(
        'sessionName' => 'LS-VBXZZORFJZCAKGYI',
        // Uncomment the following lines if you need table-based sessions.
        // Note: Table-based sessions are currently not supported on MSSQL server.
        // 'class' => 'application.core.web.DbHttpSession',
        // 'connectionID' => 'db',
        // 'sessionTableName' => '{{sessions}}',
        // Attributes of the session cookie.
        'cookieParams' => array(
            'secure' => true,
            'httponly' => true,
            'samesite' => 'None',
        ),
    ),
    'request' => array(
        'enableCsrfValidation' => true,
        // Attributes of the CSRF token cookie.
        'csrfCookie' => array(
            'sameSite' => 'None',
            'secure' => true,
        ),
    ),
Which we saw in the manual.
We don't know what else to do. From the Safari browser itself, disabling the "prevent cross-site tracking" option in the Preferences > Privacy section no longer causes this problem. But I need a solution in the code so that this does not happen, because I cannot control who accesses with Safari and make everyone change this option.
Thanks for the help
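
An added example, not part of the original post and not LimeSurvey code: one way to confirm that the configuration above actually reached the browser is to audit the `Set-Cookie` headers the survey page returns. The session cookie name is taken from the post; `YII_CSRF_TOKEN` as the CSRF cookie name and the sample headers are assumptions.

```python
# Added example: audit Set-Cookie headers for use inside a cross-site iframe.
# The session name comes from the post's config; YII_CSRF_TOKEN is assumed
# to be the CSRF cookie name (the Yii 1.1 default csrfTokenName).
REQUIRED = ("LS-VBXZZORFJZCAKGYI", "YII_CSRF_TOKEN")


def parse_set_cookie(header):
    """Return (name, attrs); attribute names are lower-cased, values kept."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit(headers, required=REQUIRED):
    """Map each required cookie name to a list of problems (empty = OK)."""
    seen = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        seen[name] = attrs  # the last Set-Cookie for a name wins
    report = {}
    for name in required:
        attrs = seen.get(name)
        if attrs is None:
            report[name] = ["cookie not set in this response"]
            continue
        problems = []
        samesite = attrs.get("samesite", "").lower() or "unset"
        if samesite != "none":
            problems.append("SameSite is %s, not None" % samesite)
        if "secure" not in attrs:
            problems.append("Secure missing: required alongside SameSite=None")
        report[name] = problems
    return report


# Constructed sample headers (not captured from a real server).
SAMPLE = [
    "LS-VBXZZORFJZCAKGYI=abc123; path=/; secure; HttpOnly; SameSite=None",
    "YII_CSRF_TOKEN=def456; path=/; SameSite=Lax",
]

if __name__ == "__main__":
    for cookie, problems in audit(SAMPLE).items():
        print(cookie, "OK" if not problems else problems)
```

A clean report only shows that the server sends both cookies with `SameSite=None; Secure`. A browser that blocks third-party cookies outright, which is what the "prevent cross-site tracking" option mentioned in the post controls, still will not return them from an iframe on another domain.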
4 months 2 weeks ago #231779
by tpartner
Replied by tpartner on topic Error 400 CSRF token
You have already asked this. Do not double post, it will not get answers any faster.
Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.