New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mage 1.8 - Add to Cart not working, Please help #345

Closed
akh2013 opened this Issue Oct 27, 2013 · 103 comments

Comments

Projects
None yet
@akh2013

akh2013 commented Oct 27, 2013

Hello,

At the outset, I will like to thank your team for a wonderful extension for caching Magento.

I recently upgraded my install from 1.7 to 1.8 CE. After upgrade, when I add an item to a cart, the cart is empty.

I have checked cookies - the cookie domain, path etc. are ok. Occassionaly I see that while switching between cached pages, the cookie frontend is available but path, domain etc. are blank.

Can you please guide me how to resolve this problem? It is slightly urgent because I had to disable cache because cart stopped working.

Regards,

Akhil

@magemonkey

This comment has been minimized.

Show comment
Hide comment
@magemonkey

magemonkey Nov 13, 2013

This is because magento 1.8 makes the add-to-cart & wishlist url's unique/session now which is very frustrating and makes Varnish almost useless throughout 1.8.
I haven't found a good solution to getting around this yet.

magemonkey commented Nov 13, 2013

This is because magento 1.8 makes the add-to-cart & wishlist url's unique/session now which is very frustrating and makes Varnish almost useless throughout 1.8.
I haven't found a good solution to getting around this yet.

@magemonkey

This comment has been minimized.

Show comment
Hide comment
@magemonkey

magemonkey Nov 15, 2013

This is an explanation of the reason that its no longer working. http://www.supportdesk.nu/blog/110-magento-1-8-form-keys-impact-on-fpc
Basically at this time the best way to get it working would be making your product listings dynamic.
A more advanced way would be to fetch the form key and replace it in each url, but it would take a lot of scripting to achieve this.

magemonkey commented Nov 15, 2013

This is an explanation of the reason that its no longer working. http://www.supportdesk.nu/blog/110-magento-1-8-form-keys-impact-on-fpc
Basically at this time the best way to get it working would be making your product listings dynamic.
A more advanced way would be to fetch the form key and replace it in each url, but it would take a lot of scripting to achieve this.

@aheadley

This comment has been minimized.

Show comment
Hide comment
@aheadley

aheadley Nov 18, 2013

Contributor

As @magemonkey said, it looks like this is due to the addition of the form_key param to the URLs. I'm looking into this but don't have an immediate fix, for now Turpentine is just not compatible with Magento 1.8 so I would suggest either rolling back to a previous version of Magento if you can or disabling Varnish and Turpentine.

Contributor

aheadley commented Nov 18, 2013

As @magemonkey said, it looks like this is due to the addition of the form_key param to the URLs. I'm looking into this but don't have an immediate fix, for now Turpentine is just not compatible with Magento 1.8 so I would suggest either rolling back to a previous version of Magento if you can or disabling Varnish and Turpentine.

@hoju37

This comment has been minimized.

Show comment
Hide comment
@hoju37

hoju37 Dec 2, 2013

Can that information please be added to the README and website please? There is no mention of it being incompatible with 1.8 anywhere but within this bug.

hoju37 commented Dec 2, 2013

Can that information please be added to the README and website please? There is no mention of it being incompatible with 1.8 anywhere but within this bug.

@K-mos

This comment has been minimized.

Show comment
Hide comment
@K-mos

K-mos Dec 4, 2013

I have the same problem and I've found a workaround.
Like @aheadley said, it is because the new "form_key" parameter added to POST requests in Magento 1.8 to prevent XSS attacks. It causes troubles with Varnish because the product page is cached with the form_key of the first session visiting the website, and the others visitors can't check csrf because it does not match with their session form_key.
For the "add to cart" event, I've added a predispatch where I replace the form_key parameter with the session form_key to pass the csrf check and let customers add products to cart.
It disables the csrf protection for the "add to cart" action but it's just like Magento < 1.8

For this, just add a observer on add_to_cart_before event, and :

$sessionKey = Mage::getSingleton('core/session')->getFormKey();
$observer->getEvent()->getRequest()->setParam('form_key', $sessionKey);

K-mos commented Dec 4, 2013

I have the same problem and I've found a workaround.
Like @aheadley said, it is because the new "form_key" parameter added to POST requests in Magento 1.8 to prevent XSS attacks. It causes troubles with Varnish because the product page is cached with the form_key of the first session visiting the website, and the others visitors can't check csrf because it does not match with their session form_key.
For the "add to cart" event, I've added a predispatch where I replace the form_key parameter with the session form_key to pass the csrf check and let customers add products to cart.
It disables the csrf protection for the "add to cart" action but it's just like Magento < 1.8

For this, just add a observer on add_to_cart_before event, and :

$sessionKey = Mage::getSingleton('core/session')->getFormKey();
$observer->getEvent()->getRequest()->setParam('form_key', $sessionKey);
@lahdekorpi

This comment has been minimized.

Show comment
Hide comment
@lahdekorpi

lahdekorpi Dec 5, 2013

@K-mos Where's the add_to_cart_before event?

lahdekorpi commented Dec 5, 2013

@K-mos Where's the add_to_cart_before event?

@K-mos

This comment has been minimized.

Show comment
Hide comment
@K-mos

K-mos Dec 5, 2013

@lahdekorpi you have to do a custom module.
In the etc/config.xml file, declare your observer for the add_to_cart_before event :

[...]
<events>
    <add_to_cart_before>
        <observers>
            <namespace_module_observer_add_to_cart_before>
                <type>singleton</type>
                <class>namespace_module/checkout_observer</class>
                <method>disableCsrf</method>
            </namespace_module_observer_add_to_cart_before>
        </observers>
    </add_to_cart_before>
</events>
[...]

After that, create your observer file (ex : app/code/local/Namespace/Module/Model/Checkout/Observer.php) and the action :

<?php
class Namespace_Module_Model_Checkout_Observer
{
    function disableCsrf($observer)
    {
        $key = Mage::getSingleton('core/session')->getFormKey();
        $observer->getEvent()->getRequest()->setParam('form_key', $key);
    }
}
?>

K-mos commented Dec 5, 2013

@lahdekorpi you have to do a custom module.
In the etc/config.xml file, declare your observer for the add_to_cart_before event :

[...]
<events>
    <add_to_cart_before>
        <observers>
            <namespace_module_observer_add_to_cart_before>
                <type>singleton</type>
                <class>namespace_module/checkout_observer</class>
                <method>disableCsrf</method>
            </namespace_module_observer_add_to_cart_before>
        </observers>
    </add_to_cart_before>
</events>
[...]

After that, create your observer file (ex : app/code/local/Namespace/Module/Model/Checkout/Observer.php) and the action :

<?php
class Namespace_Module_Model_Checkout_Observer
{
    function disableCsrf($observer)
    {
        $key = Mage::getSingleton('core/session')->getFormKey();
        $observer->getEvent()->getRequest()->setParam('form_key', $key);
    }
}
?>
@victorlima

This comment has been minimized.

Show comment
Hide comment
@victorlima

victorlima Dec 5, 2013

Does that solve the "ESI processing not enabled" problem on 1.8?
If so, I will need to force this for all ESI included on my templates?

victorlima commented Dec 5, 2013

Does that solve the "ESI processing not enabled" problem on 1.8?
If so, I will need to force this for all ESI included on my templates?

@K-mos

This comment has been minimized.

Show comment
Hide comment
@K-mos

K-mos Dec 5, 2013

I don't have this problem, sorry !

K-mos commented Dec 5, 2013

I don't have this problem, sorry !

@sureshkanthraj

This comment has been minimized.

Show comment
Hide comment
@sureshkanthraj

sureshkanthraj commented Dec 7, 2013

I had the same issue from past 3 weeks and got resolved.
Try this : http://stackoverflow.com/questions/20236020/ajax-add-to-cart-is-not-adding-products-to-the-cart

@sureshkanthraj

This comment has been minimized.

Show comment
Hide comment
@sureshkanthraj

sureshkanthraj Dec 7, 2013

If above does't work, try this : http://blog.nexcess.net/2013/12/04/upgrading-to-magento-1-8-0-0/

Let me know if these two does't work.

sureshkanthraj commented Dec 7, 2013

If above does't work, try this : http://blog.nexcess.net/2013/12/04/upgrading-to-magento-1-8-0-0/

Let me know if these two does't work.

@cindyming

This comment has been minimized.

Show comment
Hide comment
@cindyming

cindyming Dec 19, 2013

Thanks @ K-mos it work for me

cindyming commented Dec 19, 2013

Thanks @ K-mos it work for me

@cindyming

This comment has been minimized.

Show comment
Hide comment
@cindyming

cindyming Dec 19, 2013

    if ($formKey = $observer->getEvent()->getData('controller_action')->getRequest()->getParam('form_key', null)) {

        $sessionKey = Mage::getSingleton('core/session')->getFormKey();
        $observer->getEvent()->getData('controller_action')->getRequest()->setParam('form_key', $sessionKey);
    }

cindyming commented Dec 19, 2013

    if ($formKey = $observer->getEvent()->getData('controller_action')->getRequest()->getParam('form_key', null)) {

        $sessionKey = Mage::getSingleton('core/session')->getFormKey();
        $observer->getEvent()->getData('controller_action')->getRequest()->setParam('form_key', $sessionKey);
    }
@lahdekorpi

This comment has been minimized.

Show comment
Hide comment
@lahdekorpi

lahdekorpi Dec 31, 2013

Thanks @K-mos
I thought you meant that this was already part of magento-turpentine.

Are there any plans to make the extension fully compatible with 1.8 out of the box?

lahdekorpi commented Dec 31, 2013

Thanks @K-mos
I thought you meant that this was already part of magento-turpentine.

Are there any plans to make the extension fully compatible with 1.8 out of the box?

@aheadley

This comment has been minimized.

Show comment
Hide comment
@aheadley

aheadley Jan 3, 2014

Contributor

Are there any plans to make the extension fully compatible with 1.8 out of the box?

I plan on looking into this soon but I don't have an ETA, or really even know for sure that there is a good way to fix this (without reducing security by disabling the CSRF protection).

Contributor

aheadley commented Jan 3, 2014

Are there any plans to make the extension fully compatible with 1.8 out of the box?

I plan on looking into this soon but I don't have an ETA, or really even know for sure that there is a good way to fix this (without reducing security by disabling the CSRF protection).

@vitalized

This comment has been minimized.

Show comment
Hide comment
@vitalized

vitalized Jan 20, 2014

I really need a fix as well. I've tried k-mos's solution but I couldn't get it working. Probably due to me not understanding how to implement it. If anyone could write a step-by-step I'd be very appreciative.

vitalized commented Jan 20, 2014

I really need a fix as well. I've tried k-mos's solution but I couldn't get it working. Probably due to me not understanding how to implement it. If anyone could write a step-by-step I'd be very appreciative.

@EvanRijn

This comment has been minimized.

Show comment
Hide comment
@EvanRijn

EvanRijn Jan 29, 2014

Vitalized, we have a solution what disable the Csrf for Magento 1.8 is that a solution ?

EvanRijn commented Jan 29, 2014

Vitalized, we have a solution what disable the Csrf for Magento 1.8 is that a solution ?

@evolvit

This comment has been minimized.

Show comment
Hide comment
@evolvit

evolvit Jan 29, 2014

Tried it and didn't work for me either.
Is this the exact path?(capitals and all?) app/code/local/Namespace/Module/Model/Checkout/Observer.php
I can only add products after flushing the cache, but if I try to add the same product on a different browser or pc it doesn't work until its flushed again.
For app/etc/config.xml I put the code at the end just before the end of /config

evolvit commented Jan 29, 2014

Tried it and didn't work for me either.
Is this the exact path?(capitals and all?) app/code/local/Namespace/Module/Model/Checkout/Observer.php
I can only add products after flushing the cache, but if I try to add the same product on a different browser or pc it doesn't work until its flushed again.
For app/etc/config.xml I put the code at the end just before the end of /config

@vitalized

This comment has been minimized.

Show comment
Hide comment
@vitalized

vitalized Jan 29, 2014

I’m sorry I have no idea what you mean!… The extension isn’t showing up on the product pages.

The normal ‘add to cart’ is fine. If you’re fixed the extension can you enable it for me?

Kind Regards,
Simon Brown

    +44 (0)208 123 0708     +61 280113095       Skype: Vitalized

On 29 Jan 2014, at 9:40am, evolvit notifications@github.com wrote:

Tried it and didn't work for me either.
Is this the exact path?(capitals and all?) app/code/local/Namespace/Module/Model/Checkout/Observer.php
I can only add products after flushing the cache, but if I try to add the same product on a different browser or pc it doesn't work until its flushed again.
For app/etc/config.xml I put the code at the end just before the line


Reply to this email directly or view it on GitHub.

vitalized commented Jan 29, 2014

I’m sorry I have no idea what you mean!… The extension isn’t showing up on the product pages.

The normal ‘add to cart’ is fine. If you’re fixed the extension can you enable it for me?

Kind Regards,
Simon Brown

    +44 (0)208 123 0708     +61 280113095       Skype: Vitalized

On 29 Jan 2014, at 9:40am, evolvit notifications@github.com wrote:

Tried it and didn't work for me either.
Is this the exact path?(capitals and all?) app/code/local/Namespace/Module/Model/Checkout/Observer.php
I can only add products after flushing the cache, but if I try to add the same product on a different browser or pc it doesn't work until its flushed again.
For app/etc/config.xml I put the code at the end just before the line


Reply to this email directly or view it on GitHub.

@evolvit

This comment has been minimized.

Show comment
Hide comment
@evolvit

evolvit Jan 29, 2014

What I mean is:
I tried to do K-Mos's fix above by editing app/etc/config.xml and by creating the file: app/code/local/Namespace/Module/Model/Checkout/Observer.php
But I was unsure where in the config.xml file I was supposed to add the code. I ended up putting it at the end just before </config>
So far this fix hasn't worked for me.
Also is there a link with instructions on how to disable Turpentine? I've had a look and can't find anything. When I tried it on my test server it broke the server.

evolvit commented Jan 29, 2014

What I mean is:
I tried to do K-Mos's fix above by editing app/etc/config.xml and by creating the file: app/code/local/Namespace/Module/Model/Checkout/Observer.php
But I was unsure where in the config.xml file I was supposed to add the code. I ended up putting it at the end just before </config>
So far this fix hasn't worked for me.
Also is there a link with instructions on how to disable Turpentine? I've had a look and can't find anything. When I tried it on my test server it broke the server.

@MacTel

This comment has been minimized.

Show comment
Hide comment
@MacTel

MacTel Jan 29, 2014

Hi Evolvit,
To disable Turpentine you should be able to disable the Turpentine caches by going to the SYSTEM -> CACHE MANAGEMENT menu and then check both VARNISH PAGES and VARNISH ESI BLOCKS in the list of caches. Then choose DISABLE from the ACTION dropdown at top-right of the list.

You'll definitely want to flush your cache after doing that.

If ever you need to totally disable a module, you can set it in the /app/etc/modules/Nexcessnet_Turpentine.xml file.
Change the tag that looks like this

<active>true</active>

to this

<active>false</active>

Once again, flush your cache afterwards.

MacTel commented Jan 29, 2014

Hi Evolvit,
To disable Turpentine you should be able to disable the Turpentine caches by going to the SYSTEM -> CACHE MANAGEMENT menu and then check both VARNISH PAGES and VARNISH ESI BLOCKS in the list of caches. Then choose DISABLE from the ACTION dropdown at top-right of the list.

You'll definitely want to flush your cache after doing that.

If ever you need to totally disable a module, you can set it in the /app/etc/modules/Nexcessnet_Turpentine.xml file.
Change the tag that looks like this

<active>true</active>

to this

<active>false</active>

Once again, flush your cache afterwards.

@EvanRijn

This comment has been minimized.

Show comment
Hide comment
@EvanRijn

EvanRijn Feb 11, 2014

We created a small plugin what's disable the security in Magento, so enable the varnish in 1.8.1

https://bitbucket.org/supportdesk_nl/turpertine-formkey-workaround

It's not a fix, it's a workaround.

EvanRijn commented Feb 11, 2014

We created a small plugin what's disable the security in Magento, so enable the varnish in 1.8.1

https://bitbucket.org/supportdesk_nl/turpertine-formkey-workaround

It's not a fix, it's a workaround.

@lahdekorpi

This comment has been minimized.

Show comment
Hide comment
@lahdekorpi

lahdekorpi Feb 11, 2014

Awesome stuff @EvrijnSD
Thanks!

lahdekorpi commented Feb 11, 2014

Awesome stuff @EvrijnSD
Thanks!

@aheadley

This comment has been minimized.

Show comment
Hide comment
@aheadley

aheadley Mar 3, 2014

Contributor

This is fixed in version 0.6.0 which should be released on Magento Connect sometime today. Note that the fix for 1.8 compatiblity requires adding -p esi_syntax=0x2 to Varnish's startup command. Turpentine will warn about this if it is not set correctly when applying the VCL from Magento's admin interface.

Contributor

aheadley commented Mar 3, 2014

This is fixed in version 0.6.0 which should be released on Magento Connect sometime today. Note that the fix for 1.8 compatiblity requires adding -p esi_syntax=0x2 to Varnish's startup command. Turpentine will warn about this if it is not set correctly when applying the VCL from Magento's admin interface.

@aheadley aheadley closed this Mar 3, 2014

@cellcube

This comment has been minimized.

Show comment
Hide comment
@cellcube

cellcube Mar 12, 2014

Hi,
we're using CE 1.8.0, Varnish 3.1 and Turpentine 0.6.0 but still got this problem after trying the workarounds.
When we delete everything in /var/cache/ it's working fine - pages get cached at first visit and putting products to cart is also working. As long surfing the shop and moving things into cart and out again it is working for a long time.
But after beeing inactive for more that 30 minutes something change. Pages are still fast but when we put something in the cart after waiting 30 minutes the cart doesn't update any more.
If anyone have an idea or could offer support let us know.

cellcube commented Mar 12, 2014

Hi,
we're using CE 1.8.0, Varnish 3.1 and Turpentine 0.6.0 but still got this problem after trying the workarounds.
When we delete everything in /var/cache/ it's working fine - pages get cached at first visit and putting products to cart is also working. As long surfing the shop and moving things into cart and out again it is working for a long time.
But after beeing inactive for more that 30 minutes something change. Pages are still fast but when we put something in the cart after waiting 30 minutes the cart doesn't update any more.
If anyone have an idea or could offer support let us know.

@yannschepens

This comment has been minimized.

Show comment
Hide comment
@yannschepens

yannschepens Aug 19, 2015

Hi guys,

The commit relative to this problem, is not present into release-0.6.3 ... Is it normal ?

yannschepens commented Aug 19, 2015

Hi guys,

The commit relative to this problem, is not present into release-0.6.3 ... Is it normal ?

@jasonv77

This comment has been minimized.

Show comment
Hide comment
@jasonv77

jasonv77 Aug 31, 2015

running magento 1.9.2.1 getting this add to cart issue, if i disable the csrf protections the issue goes away. I heard it is not recommended to disable this protection. any advice.

im new to this , am not running turpentine or varnish as far as I know.

i tried a separate solution to fix this issue and got
this error when i tried to install inovarti fix.

There has been an error processing your request

Mage registry key "_singleton/fixaddtocartmage18/observer" already exists

Trace:
#0 /home/vasquezj/public_html/app/Mage.php(223): Mage::throwException('Mage registry k...')
#1 /home/vasquezj/public_html/app/Mage.php(477): Mage::register('_singleton/fixa...', false)
#2 /home/vasquezj/public_html/includes/src/__default.php(22054): Mage::getSingleton('fixaddtocartmag...')
#3 /home/vasquezj/public_html/app/Mage.php(448): Mage_Core_Model_App->dispatchEvent('controller_acti...', Array)
#4 /home/vasquezj/public_html/includes/src/__default.php(14405): Mage::dispatchEvent('controller_acti...', Array)
#5 /home/vasquezj/public_html/includes/src/__default.php(15028): Mage_Core_Controller_Varien_Action->postDispatch()
#6 /home/vasquezj/public_html/includes/src/__default.php(14276): Mage_Core_Controller_Front_Action->postDispatch()
#7 /home/vasquezj/public_html/includes/src/__default.php(18726): Mage_Core_Controller_Varien_Action->dispatch('index')
#8 /home/vasquezj/public_html/includes/src/__default.php(18256): Mage_Core_Controller_Varien_Router_Standard->match(Object(Mage_Core_Controller_Request_Http))
#9 /home/vasquezj/public_html/includes/src/__default.php(21084): Mage_Core_Controller_Varien_Front->dispatch()
#10 /home/vasquezj/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
#11 /home/vasquezj/public_html/index.php(83): Mage::run('', 'store')
#12 {main}

jasonv77 commented Aug 31, 2015

running magento 1.9.2.1 getting this add to cart issue, if i disable the csrf protections the issue goes away. I heard it is not recommended to disable this protection. any advice.

im new to this , am not running turpentine or varnish as far as I know.

i tried a separate solution to fix this issue and got
this error when i tried to install inovarti fix.

There has been an error processing your request

Mage registry key "_singleton/fixaddtocartmage18/observer" already exists

Trace:
#0 /home/vasquezj/public_html/app/Mage.php(223): Mage::throwException('Mage registry k...')
#1 /home/vasquezj/public_html/app/Mage.php(477): Mage::register('_singleton/fixa...', false)
#2 /home/vasquezj/public_html/includes/src/__default.php(22054): Mage::getSingleton('fixaddtocartmag...')
#3 /home/vasquezj/public_html/app/Mage.php(448): Mage_Core_Model_App->dispatchEvent('controller_acti...', Array)
#4 /home/vasquezj/public_html/includes/src/__default.php(14405): Mage::dispatchEvent('controller_acti...', Array)
#5 /home/vasquezj/public_html/includes/src/__default.php(15028): Mage_Core_Controller_Varien_Action->postDispatch()
#6 /home/vasquezj/public_html/includes/src/__default.php(14276): Mage_Core_Controller_Front_Action->postDispatch()
#7 /home/vasquezj/public_html/includes/src/__default.php(18726): Mage_Core_Controller_Varien_Action->dispatch('index')
#8 /home/vasquezj/public_html/includes/src/__default.php(18256): Mage_Core_Controller_Varien_Router_Standard->match(Object(Mage_Core_Controller_Request_Http))
#9 /home/vasquezj/public_html/includes/src/__default.php(21084): Mage_Core_Controller_Varien_Front->dispatch()
#10 /home/vasquezj/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
#11 /home/vasquezj/public_html/index.php(83): Mage::run('', 'store')
#12 {main}

@miguelbalparda

This comment has been minimized.

Show comment
Hide comment
@miguelbalparda

miguelbalparda Aug 31, 2015

Contributor

We have several fixes for this. You should try both the VCL fix and the Observer fix available under System - Configuration - Varnish Options - General

Contributor

miguelbalparda commented Aug 31, 2015

We have several fixes for this. You should try both the VCL fix and the Observer fix available under System - Configuration - Varnish Options - General

@jasonv77

This comment has been minimized.

Show comment
Hide comment
@jasonv77

jasonv77 Aug 31, 2015

i dont have varnish options

jasonv77 commented Aug 31, 2015

i dont have varnish options

@miguelbalparda

This comment has been minimized.

Show comment
Hide comment
@miguelbalparda

miguelbalparda Aug 31, 2015

Contributor

Have you actually installed Nexcess_Turpentine?

Contributor

miguelbalparda commented Aug 31, 2015

Have you actually installed Nexcess_Turpentine?

@jasonv77

This comment has been minimized.

Show comment
Hide comment
@jasonv77

jasonv77 commented Aug 31, 2015

no

@jasonv77

This comment has been minimized.

Show comment
Hide comment
@jasonv77

jasonv77 Aug 31, 2015

and i am getting this error with a clean install of magento 1.9.2.1

jasonv77 commented Aug 31, 2015

and i am getting this error with a clean install of magento 1.9.2.1

@miguelbalparda

This comment has been minimized.

Show comment
Hide comment
@miguelbalparda

miguelbalparda Aug 31, 2015

Contributor

@jasonv77 we can't help you in this case. I suggest you to install Nexcess_Turpentine and read the documentation first.

Contributor

miguelbalparda commented Aug 31, 2015

@jasonv77 we can't help you in this case. I suggest you to install Nexcess_Turpentine and read the documentation first.

@jasonv77

This comment has been minimized.

Show comment
Hide comment
@jasonv77

jasonv77 commented Aug 31, 2015

k

@AnuragKhandelwal15

This comment has been minimized.

Show comment
Hide comment
@AnuragKhandelwal15

AnuragKhandelwal15 Oct 23, 2015

I had an issue after an upgrade from 1.8 to 1.9 that sometimes non-logged in users were unable to add product to cart but after applying https://github.com/deivisonarthur/Inovarti_FixAddToCartMage18, it seems working fine but not sure if other thing is going to break or not, till time great fix!!
keep helping!!

AnuragKhandelwal15 commented Oct 23, 2015

I had an issue after an upgrade from 1.8 to 1.9 that sometimes non-logged in users were unable to add product to cart but after applying https://github.com/deivisonarthur/Inovarti_FixAddToCartMage18, it seems working fine but not sure if other thing is going to break or not, till time great fix!!
keep helping!!

@aricwatson

This comment has been minimized.

Show comment
Hide comment
@aricwatson

aricwatson Oct 23, 2015

Contributor

FYI, This should be essentially the same as the "use observer fix" option provided in the current Turpentine configuration. It does disable CRSF protection, which is why it isn't on by default.

Contributor

aricwatson commented Oct 23, 2015

FYI, This should be essentially the same as the "use observer fix" option provided in the current Turpentine configuration. It does disable CRSF protection, which is why it isn't on by default.

@AnuragKhandelwal15

This comment has been minimized.

Show comment
Hide comment
@AnuragKhandelwal15

AnuragKhandelwal15 Oct 23, 2015

@aricwatson I am newbie and dont know about turpentine discussed above, can you please tell me which to follow because I dont want to play with security in live site I am working on..
I didn't found turpentine extension in system>advanced but I have varnish installed.
Please suggest

AnuragKhandelwal15 commented Oct 23, 2015

@aricwatson I am newbie and dont know about turpentine discussed above, can you please tell me which to follow because I dont want to play with security in live site I am working on..
I didn't found turpentine extension in system>advanced but I have varnish installed.
Please suggest

@aricwatson

This comment has been minimized.

Show comment
Hide comment
@aricwatson

aricwatson Oct 23, 2015

Contributor

The option is part of the general options in Turpentine.

What version of Turpentine are you using? I don't know of any add to cart issues since we instituted this fix back in August.

Contributor

aricwatson commented Oct 23, 2015

The option is part of the general options in Turpentine.

What version of Turpentine are you using? I don't know of any add to cart issues since we instituted this fix back in August.

@AnuragKhandelwal15

This comment has been minimized.

Show comment
Hide comment
@AnuragKhandelwal15

AnuragKhandelwal15 Oct 24, 2015

@aricwatson I am using magento 1.9.2.1 not turpentine

AnuragKhandelwal15 commented Oct 24, 2015

@aricwatson I am using magento 1.9.2.1 not turpentine

@punitgadhiya

This comment has been minimized.

Show comment
Hide comment
@miguelbalparda

This comment has been minimized.

Show comment
Hide comment
@miguelbalparda

miguelbalparda Oct 26, 2015

Contributor

@punitgadhiya this fix is already merged with Turpentine, if you try to install it again it might lead to unexpected results.
@AnuragKhandelwal15 Turpentine is not the same as Magento, thus the different version names.

Contributor

miguelbalparda commented Oct 26, 2015

@punitgadhiya this fix is already merged with Turpentine, if you try to install it again it might lead to unexpected results.
@AnuragKhandelwal15 Turpentine is not the same as Magento, thus the different version names.

@Krapulat

This comment has been minimized.

Show comment
Hide comment
@Krapulat

Krapulat Oct 27, 2015

@miguelbalparda It seems that with ajax add to cart, the problem appears. The cart is empty.

The links in category pages don't work:

onclick="setLocationAjax('https://www.example.com/checkout/cart/add/uenc/aHR0cHM6Ly93d3cudG9kb3VucGxhY2VyLmVzL3ZpYnJhZG9yZXMv/product/141/form_key/9yX0wizCRkXRSuIP/','141')"

but if I click "add to cart" inside the product page, it works fine.

If I disable ajax add to cart, the problem doesn't appear. It works ok.

Do you know what can be the problem?

Krapulat commented Oct 27, 2015

@miguelbalparda It seems that with ajax add to cart, the problem appears. The cart is empty.

The links in category pages don't work:

onclick="setLocationAjax('https://www.example.com/checkout/cart/add/uenc/aHR0cHM6Ly93d3cudG9kb3VucGxhY2VyLmVzL3ZpYnJhZG9yZXMv/product/141/form_key/9yX0wizCRkXRSuIP/','141')"

but if I click "add to cart" inside the product page, it works fine.

If I disable ajax add to cart, the problem doesn't appear. It works ok.

Do you know what can be the problem?

@Krapulat

This comment has been minimized.

Show comment
Hide comment
@Krapulat

Krapulat Oct 27, 2015

*Solved: I've added "ajax" to the URL Blacklist.

Krapulat commented Oct 27, 2015

*Solved: I've added "ajax" to the URL Blacklist.

@AnuragKhandelwal15

This comment has been minimized.

Show comment
Hide comment
@AnuragKhandelwal15

AnuragKhandelwal15 Dec 23, 2015

@Krapulat : Can you elaborate the steps you followed?
It is because I have the same issue but somehow I am managing it by adding form_key using an observer mentioned above

AnuragKhandelwal15 commented Dec 23, 2015

@Krapulat : Can you elaborate the steps you followed?
It is because I have the same issue but somehow I am managing it by adding form_key using an observer mentioned above

@ADDISON74

This comment has been minimized.

Show comment
Hide comment
@ADDISON74

ADDISON74 Feb 2, 2016

I am looking for a solution to disable the formkey checking for precisely actions (add to wishlist/compare/cart). Disabling CSRF in backend is not working. In this moment I edited a few core files to get this working (not many), but I need an elegant way. I made a request to Turpentine developers to take in consideration ideas from this page.

@EvrijnSD: how can be used your plugin? just copying the files on server? thank you.

ADDISON74 commented Feb 2, 2016

I am looking for a solution to disable the formkey checking for precisely actions (add to wishlist/compare/cart). Disabling CSRF in backend is not working. In this moment I edited a few core files to get this working (not many), but I need an elegant way. I made a request to Turpentine developers to take in consideration ideas from this page.

@EvrijnSD: how can be used your plugin? just copying the files on server? thank you.

@EvanRijn

This comment has been minimized.

Show comment
Hide comment
@EvanRijn

EvanRijn Feb 2, 2016

Yes,

just copy the files,

2016-02-02 17:51 GMT+01:00 ADDISON notifications@github.com:

I am looking for a solution to disable the formkey checking for precisely
actions (add to wishlist/compare/cart). Disabling CSRF in backend is not
working. In this moment I edited a few core files to get this working (not
many), but I need an elegant way. I made a request to Turpentine developers
to take in consideration ideas from this page.

@EvrijnSD https://github.com/EvrijnSD: how can be used your plugin?
just copying the files on server? thank you.


Reply to this email directly or view it on GitHub
#345 (comment)
.

EvanRijn commented Feb 2, 2016

Yes,

just copy the files,

2016-02-02 17:51 GMT+01:00 ADDISON notifications@github.com:

I am looking for a solution to disable the formkey checking for precisely
actions (add to wishlist/compare/cart). Disabling CSRF in backend is not
working. In this moment I edited a few core files to get this working (not
many), but I need an elegant way. I made a request to Turpentine developers
to take in consideration ideas from this page.

@EvrijnSD https://github.com/EvrijnSD: how can be used your plugin?
just copying the files on server? thank you.


Reply to this email directly or view it on GitHub
#345 (comment)
.

@ADDISON74

This comment has been minimized.

Show comment
Hide comment
@ADDISON74

ADDISON74 Feb 3, 2016

@EvrijnSD : Your plugin is not working for comparison. There are still redirecting issues. You add a product in a category, then you go in other category and remove that product from side block. You will be redirected to previous page instead of staying on the same page. Same behavior for Clear All button in Compare side block.

I updated the events to 1.9.2.2 but with no positive result.

'catalog_product_compare_add_product',
'catalog_product_compare_remove_product',
'catalog_product_compare_item_collection_clear'

I guess encoded URLs are still the big problem in this case. We should be able to disable this too.

ADDISON74 commented Feb 3, 2016

@EvrijnSD : Your plugin is not working for comparison. There are still redirecting issues. You add a product in a category, then you go in other category and remove that product from side block. You will be redirected to previous page instead of staying on the same page. Same behavior for Clear All button in Compare side block.

I updated the events to 1.9.2.2 but with no positive result.

'catalog_product_compare_add_product',
'catalog_product_compare_remove_product',
'catalog_product_compare_item_collection_clear'

I guess encoded URLs are still the big problem in this case. We should be able to disable this too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment