Jump to content

CSRF Protection issue

Go to solution Solved by Nathan Explosion,

Recommended Posts

Honestly, I don't know what the heck is happening, but it is now doing it from the IPS menu. 🤷🏻‍♂️


Default seems okay.

@Ehren would you be able to check my site and the themes of yours I use? I get this CSTF Protection Error.

It only happens when I log in via the responsive mode.

It seems to always occur from the mobile menu, if you click login and do so - after you get the message.

It's weird, as it happens from the IPS menu and then doesn't.

Edited by Joey_M
Link to comment
Share on other sites

Aye, I did Marc. 👍🏻

Only issue, it's not Ehren's theme at fault. It happens on his site, but also here. It's related to Android devices; I can replicate the issue here.

IPS Focus and on my own site.

Not just with one device, multiple. Yesterday, I asked some friends (at a live game) if they would sign in for me. Everyone who used an Android device got an error 'Something went wrong' which I think had they had my permission would show the same error as me. Nobody with an iPhone had the message at all.

I have a screen recording, I'll grab two more showing it happens here too. (though I don't want to publicly share the video, so if I could have an email or I am allowed to drop a PM or another means of restricting content to a team member only that would be appreciated).

After the issue I had today, I switched to the freshly installed default theme and it happens with that. Which is what prompted me to try here also.

Link to comment
Share on other sites

8 minutes ago, Jim M said:

Is an unmodified theme still acting fine? I would suggest setting that as your default theme and disabling all third party applications/plugins then trying to reproduce this again. 

No more, it seemed to be fine after I cleared my cache, but I noticed it happens still with an unmodified. default theme.

All my plugins and applications are disabled.

I've re-cleared my site and browser cache.

As I say, it happened to mutliple Android users yesterday.

I'm running Android 12 (SKQ1.211006.001)

But it happens on my old phones Android 8.1 and Android 10. My wife's device is Android 13, my sons is also. My two daughters have Android 12.

No idea what version of Android my friends tested yesterday but going off my family it seems to be Android related rather version based.


Facebook/Twitter/Google Connect aren't affected, just when using the sign in form.

Could contain: Text


Edited by Joey_M
Link to comment
Share on other sites

I think this might be useful for you guys; I uninstalled the patch which took me to 109.

I'm now on 103 without issue.

On here, my site and IPS Focus I have tested login in and out. No issues.

I'm tempting fate by updating the app back to 109.

109 is the issue.

First login its back. 😞

I tried installing 110 updates from a trust site, but my Chrome would just crash. 

Link to comment
Share on other sites

  • 2 weeks later...

@Marc Stridgen @Jim M

I updated 110, the issue stopped but now its persisting again. I have disabled all the plugins, cleared the cache, uninstalled and reinstalled the app.

The CSRF error when signing in has started happening again.

Default theme and all, including the ones installed when recovering the site after I enabled all the plugins recently by mistake (which you guys fixed). There's something going on.

Link to comment
Share on other sites

Is IPS running any beta or higher version than what clients currently have access too?

The reason I ask is it happens on Ehren's site (IPS Focus) which I would assume is running v4.7.7. I tried several times to log in and out here, it doesn't happen.

Which leads me to think the issue could've been patched somehow.

Link to comment
Share on other sites

3 hours ago, Marc Stridgen said:

I dont understand what you mean there. We are 4.7.8 beta 1, but that doesnt necessarily mean that Ehrens is.

It doesn't happen here, not anymore.

I'm saying it seems to be fixed, as Ehren should be on the same version as me. It's the only IPS site I know which runs the same version as me that I have login for.


Edited by Joey_M
Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...