AnsweredAssumed Answered

Cross Site Request Forgery (XSRF) Attack Detected

Question asked by Conrad Brinker on Nov 27, 2018
Latest reply on Nov 28, 2018 by Conrad Brinker

I am currently running SugarCRM 7.9.4.0. I've been upgrading our server to migrate to 8.x. I have CentOS 6.10 x64, Apache HTTP 2.4, PHP 7.3, MySQL 5.7, Elasticsearch 6.5. Everything seems to function just fine on the user end, but when I try to run a diagnostic to check things, I get the error message in the title:

 

 

Cross Site Request Forgery (XSRF) Attack Detected

Form authentication failure (Administration -> DiagnosticRun). Contact your administrator.

 

I tried searching around for answers, and found this page discussing the topic vaguely:

https://support.sugarcrm.com/Knowledge_Base/Troubleshooting/Troubleshooting_Cross-Site_Forgery_Messages/index.html 

 

I followed the guide to put my URL's name in the config_override.php. I still get this issue. I also received this error with other actions as well. I don't want to manually enter all these actions like the knowledge base offers. There's nothing in the SugarCRM log about this either. Anyone have any suggestions?

 

P.S. I never paid attention, but the URL is using the # hash method instead of an HTML 5 browser history management scheme. I'm not sure if it was like this prior. Maybe that has something to do with the hostname and XSRF error? What should I do about this if it is?

 

Thanks!

Outcomes