Grav - Invalid security token (edit)

[ghost]

Hi,

I am using Grav version 1.1.0-RC.3 and the newest Gantry CI Builds (commit: 68d6447) for Grav.
However if I want to save my changes inside the Gantry menu, then it they won't get saved and I get the message:

403 Forbidden
Oops, Invalid security token; please reload the page and try again..

Tried it with firefox and chrome.

Edit: Fixed the scroll problem with "clear all caches"

[mahagr]

I think it can also be fixed by just reloading the page, just like the error message says?

[ghost]

Nope, won't work even after multiple refreshs using F5.
After a refresh, I type in my changes again an after clicking "Save styles" I get the same message again.
I have also tried to install a new and fresh install of gantry and updated everything of Grav, but without success.

Btw thanks for attaching labels for this thread ;)

[w00fz]

Can you please try updating Grav and Grav Admin to latest, as well as installing the new Gantry CI Build? I cannot reproduce this issue.

From your screenshot it also looks like you have some styling issues (no padding inside the grey container), which I don't get on my local.

[ghost]

No, didn't worked.

Did a fresh install of everything.
Installed the newest Grav + Admin from the website (Grav v1.1.0 - Admin v1.1.1).
Update button of the admin plugin says "everything up to date".

Gantry CI Builds are the newest, downloaded them from the website.
(Last build was generated 5 hours ago (commit: 0b63f62))

I have also deleted all caches.

Every click on any button (except the tabs) are giving me that error...

Btw I am having the "invalid security token" also if I want to log in through the form if I am using the internet explorer.

But only with the internet explorer at logging in.

Webserver is using nginx.

Maybe I have to change something inside the plugin menu?

EDIT:

Tried the newest updates from now again with a completely new install. Still the same.

[w00fz]

Uh, try disabling production. That really should be off by default.

[ghost]

Tried if without success.

[w00fz]

hey @spacetook , can you send me your user folder in Gitter PM, so i can try to reproduce on my local?

[w00fz]

Any word on this? 😃

Still waiting on the user folder, that would really help me debug the problem since I still cannot reproduce this issue at all.

Please drop the zip in PM on Gitter if you get the chance.

[ghost]

Sorry for the delay. Was ill and had less time. Send you the files through Gitter :)

[w00fz]

Np, thanks for that! Appreciate it.
I'll look asap at the issue and hopefully I'll be able to reproduce.

// Djamil Legato // From iPhone //

On Jul 22, 2016, at 07:03, spacetook notifications@github.com wrote:

Sorry for the delay. Was ill and had less time. Send you the files through Gitter :)

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

[w00fz]

Sorry to say @spacetook but I was never able to reproduce this issue. Have you tried the latest CI Builds recently, as well as latest Grav / Admin ?

[ghost]

Yeah, it works now xD
No idea why I had so much trouble, I also tried hosting on Windows without success, but now it works on Windows therefore it should also work on Linux^^
Huge thanks anyway :)

[IrealiTY]

Sorry but how did you fix that issue? - did you install a new CI build? Did you just re-install gantry?

            throw $e;
 
        } catch (\Exception $e) {
            // Handle errors.
            if ($this->container->debug()) {
                throw $e;
            }
            $response = $this->getErrorResponse($e, $this->format == 'json');
        }
 
        return $this->send($response);
    }
 
    public function execute($resource, $method = 'GET', $path, $params = [], $format = 'html')
    {
        $class = '\\Gantry\\Admin\\Controller\\' . ucfirst($format) . '\\' . strtr(ucwords(strtr($resource, '/', ' ')), ' ', '\\');
 
        // Protect against CSRF Attacks.
        if (!in_array($method, ['GET', 'HEAD'], true) && !$this->checkSecurityToken()) {
            throw new \RuntimeException('Invalid security token; please reload the page and try again.', 403);
        }
 
        if (!class_exists($class)) {
            if ($format == 'json') {
                // Special case: All HTML requests can be returned also as JSON.
                $response = $this->execute($resource, $method, $path, $params, 'html');
                return $response instanceof JsonResponse ? $response : new JsonResponse($response);
            }
 
            throw new \RuntimeException('Page Not Found', 404);
        }
 
        /** @var BaseController $controller */
        $controller = new $class($this->container);
 
        // Execute action.
        $response = $controller->execute($method, $path, $params);
 
        if (!$response instanceof Response) {
            $response = new HtmlResponse($response);

Invalid security token; please reload the page and try again.

GET Data
_url
"/admin/gantry/configurations/default/styles.json"

[mahagr]

There should be no need for CI builds as the issue is months old and there have been new releases.

[IrealiTY]

Well I was getting this particular issue on a fresh installation yesterday.

[mahagr]

Did reloading page help to fix the issue? Or is it still continuing?

[IrealiTY]

Didn't help, no. I'll try to setup a fresh setup later. (my 1st test was on a fresh digitalocean vps)

[patrickbolle]

Same problem here. Fresh Digital Ocean VPS.

[mahagr]

Please see:

getgrav/grav#1245

Fixed all $_GET parameters missing in Nginx (please update your nginx.conf)

[OleVik]

For anyone with the same problem using Caddy as the server, try the latest configuration-example in /grav/webserver-configs.

[ITSecMedia]

@OleVik Thank you!!!