This request was aborted because it appears to be forged.


Marco Ro

All forms in the backend of ProcessWire are secured against CSRF attacks by assigning them a one-time token. This will ensure that the page and the current session that generates the form are the same as the one that receives the form. E.g., the error message appears when a backend page (also Login) is open and the session has expired, or the session cookie has been deleted from the browser or could not be set in the browser.

  • Like 1
  • Thanks 1
Link to comment

Not a reason but a scenario for this error message.

This can also happen when you use password managers like 1Password/LastPass with the autofill function.
At least it happens to me regularly on different PW sites.

Example:

You click in 1Password on your "PW Login" entry and say open & auto-fill/login.
1Password will open your default browser, redirect to your login site, enter your credentials and submit them.

I don't know exactly why PW denies access in some cases but maybe it's way too fast for a human/regular login.

Link to comment

For me I think it was something different: I was doing a test of the checkout page, I was logged in with one name but entered other data by hand to fill the form. Maybe it could be this that made the error. Honestly, this maybe doesn't make much sense, but I don't know what else could have triggered the error.

Link to comment

@wbmnfktr

54 minutes ago, wbmnfktr said:

Not a reason but a scenario for this error message.

The reason is the invalid token: https://github.com/processwire/processwire/blob/bdaf8810cbb71944820c45e0b297d0b75f1e60be/wire/core/SessionCSRF.php#L176-L191

1 hour ago, wbmnfktr said:

At least it happens to me regularly on different PW sites.

Make sure that the session cookie is set and valid and that the current valid token is sent with the form.

Link to comment

I had this on a full webspace... so the site is running... but there is no more place for the session on the webserver, so I get the same message.

After stopping an uncontrolled backup script and deleting a lot of waste, all works again...

  • Like 1
Link to comment

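The scenarios raised in this thread (expired session, missing session cookie, session storage that cannot be written, a form posted without the current token) all fail the same server-side check. The following is an added example, not part of any post and not ProcessWire's SessionCSRF code: a simplified PHP model of a session-bound token check that reports which condition failed. The `$store` array, the function names, the one-hour lifetime and the result strings are assumptions made for illustration.

```php
<?php
// Simplified model of a session-bound CSRF token (illustration only, not
// ProcessWire's implementation). $store stands in for server-side session
// storage, keyed by the value of the session cookie.

function issueForm(array &$store, string $sid, bool $writable = true): string {
    $token = bin2hex(random_bytes(32));
    if ($writable) {   // on a full disk the session write never lands
        $store[$sid] = ['csrf' => $token, 'expires' => time() + 3600];
    }
    return $token;     // rendered into the form as a hidden field
}

function checkSubmit(array $store, ?string $sid, ?string $posted, ?int $now = null): string {
    $now = $now ?? time();
    if ($sid === null || $sid === '')       return 'no-session-cookie';
    if (!isset($store[$sid]))               return 'session-not-found';
    if ($store[$sid]['expires'] <= $now)    return 'session-expired';
    if ($posted === null || $posted === '') return 'token-missing';
    // hash_equals() compares in constant time
    return hash_equals($store[$sid]['csrf'], $posted) ? 'ok' : 'token-mismatch';
}

// Constructed sample data: one healthy session, one foreign token,
// and one session whose storage could not be written.
$store   = [];
$sid     = 'constructed-session-id';
$token   = issueForm($store, $sid);
$foreign = issueForm($store, 'constructed-other-session');
$full    = [];
$lost    = issueForm($full, 'constructed-full-disk-session', false);

$cases = [
    'normal submit'              => checkSubmit($store, $sid, $token),
    'cookie deleted or not set'  => checkSubmit($store, null, $token),
    'session timed out'          => checkSubmit($store, $sid, $token, time() + 7200),
    'form posted without token'  => checkSubmit($store, $sid, null),
    'token from another session' => checkSubmit($store, $sid, $foreign),
    'session storage full'       => checkSubmit($full, 'constructed-full-disk-session', $lost),
];

foreach ($cases as $name => $result) {
    printf("%-28s %s\n", $name, $result);
}
```

Logging the specific reason server-side, while still showing the user one generic message, makes it possible to tell a storage or cookie problem apart from a genuinely forged request.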