I would update that first of all if its being updated today, then you at least rule it out

Hi there, I am receiving this error as well. When logging in from my home page, this error pops up.

 

Hi there, I am receiving this error as well. When logging in from my home page, this error pops up.

Could you please try again? I did not encounter this error when attending to your ticket and clearing cache may have helped here as well.

 

Could you please try again? I did not encounter this error when attending to your ticket and clearing cache may have helped here as well.

Tried again just now and still received the error:

The CSRF protection key did not match. This may indicate an application or theme is out of date. Please contact technical support for more information.

 

Tried again just now and still received the error:

The CSRF protection key did not match. This may indicate an application or theme is out of date. Please contact technical support for more information.

Is this happening on a specific page or on just like your forum index? Are you using Safari by chance? If you are, could you please try updating to the latest release if you're not on it?

 

Is this happening on a specific page or on just like your forum index? Are you using Safari by chance? If you are, could you please try updating to the latest release if you're not on it?

It happens when I’m on my home page and I login. It happened just now (I’m on the latest version btw). It seems to happen when I’m on a mobile device (iPhone or iPad) versus computer. It happened again just now which prompted me to venture back to this topic.

what version of iOS are you on there?

 

what version of iOS are you on there?

18.4 (iPad and iPhone)

It also happens when I login to the ACP.

Screen shot: https://ibb.co/27y3LPVy

Hi there, I'm having the the same issue on our development board since at least last Friday. We ignored it at first - and reported to google the we thought the error was... in error. 🙃

Now we get

1) can push through this page . .

and arrive here . .

Happy to start a new thread - wanted to check here first.

Thanks - Dave 'the new guy'

 

Hi there, I'm having the the same issue on our development board since at least last Friday. We ignored it at first - and reported to google the we thought the error was... in error. 🙃

Now we get

1) can push through this page . .

and arrive here . .

Happy to start a new thread - wanted to check here first.

Thanks - Dave 'the new guy'

What was the last change or modification done to the forurm before this happened? Can you disable all your third party stuff and see if the issue will still occur or go away?

On a side note, can you check your System Logs and the server error log page for any messages logged in both places pertaining to this?

 

Hi there, I'm having the the same issue on our development board since at least last Friday. We ignored it at first - and reported to google the we thought the error was... in error. 🙃

Now we get

1) can push through this page . .

and arrive here . .

Happy to start a new thread - wanted to check here first.

Thanks - Dave 'the new guy'

In your case, its unrelated. You are getting the latter message because of the former. If you havent added anything to your site, it may well be that you have been flagged incorrectly by google. That being the case, you would click on the "details" link which shows how to report that as incorrect to them

Thanks for the prompt replies:

Marc - I have reported to Google , and then later, that's when I started getting the CSRF error page (before we would just get the 'unsafe site' page). So my initial thought was, since we started getting the CSRF warning after I made the report, that they [google] did a deeper dive. But on second look, the CSRF warning is coming from inside the house 🤣.

Miss_B: Logs are empty.

• I'm not aware of any changes or add ons we've made to the site recently. Admittedly, I'm the new guy. I've been onboarding for a little while, I'm not aware of any changes we've made to the board in the last 3-4weeks (apart from formatting type stuff).

• Add ons - Sure, we'll give that a try late this morning (we have another onboarding session, so there may be a teachable moment there for me).

FWIW: This is for our Dev site if I failed to mention that previously. This is the second warning page we get [uploaded below], after the initial red warning page, is purporting that there's been phishing attempts. And Are these two issues (CSRF cert warning and phishing attempt warning) likely to be related or separate issues? NOTE: When this issue first raised its head last Friday, we were 'screen sharing' through The Google, and our assumption was that it was detecting that and throwing up the warnings.

The CSRF and phishing warnings showed up on Monday or Tuesday of this week. Before that, it was just the GO BACK GO BACK initial red screen I shared in my first post.

Thanks again. And - as a side note - this upgraded editor is slick 👍

Edited Thursday at 12:50 PM1 day by Indy Dave

Just poking around - I note when I visit our first plug in vender - their site also listed as unsecure . . that's not causing the issue is it?

 

Just poking around - I note when I visit our first plug in vender - their site also listed as unsecure . . that's not causing the issue is it?

Can you try to disable all third party stuff and see if the error will go away? If it does, you can enable them one by one until you find the culprit so to speak.

Disable all 3rd party and test, but while I understnd you did report to google, they have not unlisted that as being unsafe as of yet, is that correct?

Miss_B: Disabled adds ons, I still get the phishing warning, but no longer the next red warning page with the CSRF warning.

Marc - That's correct.

 

Miss_B: Disabled adds ons, I still get the phishing warning, but no longer the next red warning page with the CSRF warning.

If this is the case, you need to contact the author of the addon for that issue

 

Marc - That's correct.

Only google can remove that message

• re-reported to google.

• I separately re-enabled each addon, logging out and closing browser and re logged in after doing this for each (of our 4 add ons). I've also cleared history. I no longer see the CSRF cert warning, but still get the phishing warning. So in that regard, we're back one step (the cert warnings started a few days after the phishing warnings began). So with the add ons enabled, currently no cert warning, but still a phishing warning. If the pattern repeats, perhaps the cert warning will return shortly. Or not.

• Marc - I'm not sure which add on you're referencing? I'm not able to identify one of them as causing an issue through this process. Am I missing something?

Edited Thursday at 01:59 PM1 day by Indy Dave

When you disable all apps you dont get the CSRF warning. So its a 3rd party application causing this. If its not returning, then Im not sure what else I can really advise on that.

 

• re-reported to google.

• I separately re-enabled each addon, logging out and closing browser and re logged in after doing this for each (of our 4 add ons). I've also cleared history. I no longer see the CSRF cert warning, but still get the phishing warning. So in that regard, we're back one step (the cert warnings started a few days after the phishing warnings began). So with the add ons enabled, currently no cert warning, but still a phishing warning. If the pattern repeats, perhaps the cert warning will return shortly. Or not.

• Marc - I'm not sure which add on you're referencing? I'm not able to identify one of them as causing an issue through this process. Am I missing something?

The best way to identify the third party stuff that's causing the issue imo, is to enable them one at a time and check the forum after each third party item has been enabled.

Thanks for all the help. To review . . . Here's what we've done on our end, and we still have the phishing warning, across browsers:

• We've disabled ALL third party applications and or plug ins

• Deleted systems cache

• Taken site off line, and put it back on line

• deleted browser cache and histories (on multiple admin's user machines)

We're still getting the deceptive site warnings/phishing attempts detected. We have reported to google several times already.

 

Thanks for all the help. To review . . . Here's what we've done on our end, and we still have the phishing warning, across browsers:

• We've disabled ALL third party applications and or plug ins

• Deleted systems cache

• Taken site off line, and put it back on line

• deleted browser cache and histories (on multiple admin's user machines)

We're still getting the deceptive site warnings/phishing attempts detected. We have reported to google several times already.

It can take some time for Google to remove the warning.

Since this issue now seems to no longer be CSRF cert invalid, I'll move on. If we continue to have the risky site warnings, I'll start a fresh topic.

Thanks again!

 

Since this issue now seems to no longer be CSRF cert invalid, I'll move on. If we continue to have the risky site warnings, I'll start a fresh topic.

Thanks again!

There is little point in opening a new topic there. If its been incorrectly flagged, google would have to remove it. We have no control over that

my concern was diluting this thread on invalid CSRF Cert showing as invalid.

No need to respond