AnsweredAssumed Answered

Cross Site Request Forgery (XSRF) Attack Detected

Question asked by on Nov 27, 2018
Latest reply on Jan 7, 2019 by Alex Nassi

I am currently running SugarCRM I've been upgrading our server to migrate to 8.x. I have CentOS 6.10 x64, Apache HTTP 2.4, PHP 7.3, MySQL 5.7, Elasticsearch 6.5. Everything seems to function just fine on the user end, but when I try to run a diagnostic to check things, I get the error message in the title:



Cross Site Request Forgery (XSRF) Attack Detected

Form authentication failure (Administration -> DiagnosticRun). Contact your administrator.


I tried searching around for answers, and found this page discussing the topic vaguely: 


I followed the guide to put my URL's name in the config_override.php. I still get this issue. I also received this error with other actions as well. I don't want to manually enter all these actions like the knowledge base offers. There's nothing in the SugarCRM log about this either. Anyone have any suggestions?


P.S. I never paid attention, but the URL is using the # hash method instead of an HTML 5 browser history management scheme. I'm not sure if it was like this prior. Maybe that has something to do with the hostname and XSRF error? What should I do about this if it is?