Access by POST method refused by CSRF protection in main.inc.php

Hi all,
we have just updated the script from 10.0.6 to 11.0 and there is one bug that we have noticed. When we are trying to see what are the margins for a specific period of time, the following error occur on a white page:
Access by POST method refused by CSRF protection in main.inc.php. Token not provided. If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line $dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0 into setup).
Any ideas how this one can be fixed?

Thanks!

1 Like

I had the same problem. It seems to me that there it is a bug in Dolibarr 11 about csrf check. For now it can be resolved just as described in the message
Set the variable from $dolibarr_nocsrfcheck=0 to $dolibarr_nocsrfcheck=1
at htdocs/conf/conf.php**

1 Like

Thanks! I have change it in the Dolibarr in the field MAIN_FEATURES_LEVEL - a ZERO needs to be placed in order to clear that issue.

BR!

FIXED THANKS A LOT it was very helpeful

Hello,

Are you using MAIN_SECURITY_CSRF_WITH_TOKEN=1 ?
The feature to protect by token is still in development and is not yet finished.

Problem here is not on delay but on the fact that you open other page and the feature to protect by token is still in development and is not yet finished. When development will be finished, this will not happen dgcustomerfirst

hello, tanks ChoY the solution works for me
bye