Access by POST method refused by CSRF protection in main.inc.php

nikolay86 · February 1, 2020, 8:25am

Hi all,
we have just updated the script from 10.0.6 to 11.0 and there is one bug that we have noticed. When we are trying to see what are the margins for a specific period of time, the following error occur on a white page:
Access by POST method refused by CSRF protection in main.inc.php. Token not provided. If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line $dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0 into setup).
Any ideas how this one can be fixed?

Thanks!

ChoY · February 2, 2020, 1:59pm

I had the same problem. It seems to me that there it is a bug in Dolibarr 11 about csrf check. For now it can be resolved just as described in the message
Set the variable from $dolibarr_nocsrfcheck=0 to $dolibarr_nocsrfcheck=1
at htdocs/conf/conf.php**

nikolay86 · February 8, 2020, 6:15am

Thanks! I have change it in the Dolibarr in the field MAIN_FEATURES_LEVEL - a ZERO needs to be placed in order to clear that issue.

BR!

andrevivar · February 10, 2020, 10:20pm

FIXED THANKS A LOT it was very helpeful

ksar · February 18, 2020, 9:01am

Hello,

Are you using MAIN_SECURITY_CSRF_WITH_TOKEN=1 ?
The feature to protect by token is still in development and is not yet finished.

Michele · March 25, 2020, 1:28pm

Problem here is not on delay but on the fact that you open other page and the feature to protect by token is still in development and is not yet finished. When development will be finished, this will not happen dgcustomerfirst

Denis1 · September 28, 2020, 9:42am

hello, tanks ChoY the solution works for me
bye

sadek · April 6, 2022, 7:16am

Solved with V 15.0.1
Many thanks