Subscribe via rss
Discussions
Guest
or Ask a Question
Add a reply View Replies (7) →
John Rybak
John Rybak
Offline

CSRF Routes

Is there a list of suggested CSRF routes to add to the security option I have tried looking through the upgrade info and base forum info but can't find anything.
In Security
Friday, May 19 2017, 06:04 AM
Like
1
Share this post:
Responses (7)

  • Accepted Answer

    Rune Rasmussen
    Rune Rasmussen
    Offline
    Friday, May 19 2017, 08:20 PM - #Permalink
    It sounds to me that you have several failed updates, and should have reverted to your backup, before trying again. Because now you most likely have missing database updates etc., which can be tricky for you to fix on your own.

    The update problems is most likely related to your hosting.

    If you add your system info, and the update steps taken (version to version, and where it failed first time), some kind soul might be able to help you. Else you might need to rebuild your store, and in future be careful taking backups etc.

    https://arastta.org/docs/user-manual/tools/system-information
    The reply is currently minimized Show

  • Accepted Answer

    John Rybak
    John Rybak
    Offline
    Friday, May 19 2017, 08:05 PM - #Permalink
    UPDATE, the manually input routes did not save.
    The reply is currently minimized Show

  • Accepted Answer

    John Rybak
    John Rybak
    Offline
    Friday, May 19 2017, 07:59 PM - #Permalink
    My appologies for the numerous replies. Everytime I hit reply the page did nothing
    The reply is currently minimized Show

  • Accepted Answer

    John Rybak
    John Rybak
    Offline
    Friday, May 19 2017, 07:58 PM - #Permalink
    When I go into the security setting there is nothing in the CSRF routes field. When I add the list in that you have suggested I get a "Warning: Please check the form carefully for errors!" message at the top of the screen.

    And I am still getting a "Warning: in_array() expects parameter 2 to be array, null given in (...catalog event app csrf.php) on line 27" at the top of all of my pages as well as during checkout.

    For whatever reason I also had issues with the upgrade to 1.5. It seems like it partially updates and then doesn't update. For upgrading to 1.6 I remember it coming up with an error that the upgrade could not be completed then I ran it again and it said that the upgrade was successfully installed.

    I had to remove the / out of the paths to allow the post to go nthrough
    The reply is currently minimized Show

  • Accepted Answer

    Rune Rasmussen
    Rune Rasmussen
    Offline
    Friday, May 19 2017, 06:04 PM - #Permalink
    What exactly do you mean, is the routes field empty?
    Did you delete them?

    By default the suggested routes is added for a new/updated store, as you can see if you install a demo/test site, where you also can see that the checkout indeed works fine.
    account/address/edit
    
account/edit
    
account/newsletter
    
account/password
    
affiliate/edit
    
affiliate/password
    
affiliate/payment


    Maybe you in feature could be kind and post all relevant info directly, and not one by one sentence per post. ;)
    The reply is currently minimized Show

  • Accepted Answer

    John Rybak
    John Rybak
    Offline
    Friday, May 19 2017, 05:56 PM - #Permalink
    I believe that the lack of CSRF routes is causing the current errors with my webpage and not letting people to checkout
    The reply is currently minimized Show

  • Accepted Answer

    Rune Rasmussen
    Rune Rasmussen
    Offline
    Friday, May 19 2017, 03:03 PM - #Permalink
    Yeah, the documentation section needs some updates for 1.4+ features, and some older limited docs needs additions too.

    Maybe some users, good at writing docs, could contribute to it by time ...
    The reply is currently minimized Show
Your Reply