Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF validation failed #53

Closed
signalpoint opened this issue Jun 7, 2013 · 6 comments
Closed

CSRF validation failed #53

signalpoint opened this issue Jun 7, 2013 · 6 comments
Labels
Bug

Comments

@signalpoint
Copy link
Owner

Since Services 3.4, any calls via POST, PUT or DELETE need a CSRF token header sent along.

https://drupal.org/node/2013781
signalpoint added a commit that referenced this issue Jun 8, 2013
@signalpoint
#53 Changed _drupalgap_api_get_csrf_token() to get the token every ti…
f24e4dd 
…me, instead of using the previous token.
signalpoint added a commit that referenced this issue Jun 8, 2013
@signalpoint
#53. Tried saving sessid for CSRF validation, to no avail.
ab5c5ec
@signalpoint
Copy link
Owner Author

I'm not convinced this is solved yet, we're still getting bug reports. Probably related - https://drupal.org/node/2020417

@signalpoint signalpoint reopened this Jun 18, 2013
@botty
Copy link

botty commented Jun 21, 2013

Any update on this issue?

@signalpoint
Copy link
Owner Author

@botty - is there a particular Service Resource that you are getting this CSRF validation failure? The latest alpha snapshot on github defitely has some progress on this issue, it seems the only remaining issue is with login/logout when developing inside of Ripple. Will you please describe your issue in more detail? i.e. Are you developing for Android, or iOS? Inside an emulator, or compiling directly to a device? Developing in Ripple?

@botty
Copy link

botty commented Jun 22, 2013

Hi Tyler

I've updated to DrupalGap-7.x-1.x-alpha and it seems to have removed the CSRF issue, I am however getting a new error.created new issue here #67

(via Xcode 4.6.3 and running on iPhone 4S - Cordova 2.7.0 - not using ripple)

@signalpoint signalpoint mentioned this issue Jul 17, 2013
Closed
signalpoint added a commit that referenced this issue Aug 2, 2013
@signalpoint
#53. Changed _drupalgap_api_get_csrf_token() to not disregard the nee…
d24f8dc 
…d for a token if DrupalGap thinks the user is anonymous and the call is trying to perform a system connect.
@signalpoint
Copy link
Owner Author

Closing this issue. The work around to be able to develop in Chrome with Ripple is to install DrupalGap within the same domain as your Drupal site. For example, if your Drupal site is available at example.com, then install DrupalGap at example.com/mobile-application as the place to run the app. No need to disable web securtiy. For more information, see the Ripple guide: http://drupalgap.org/node/103

@x7ian
Copy link

x7ian commented Feb 24, 2017
edited

Hello,
Ive installed Drupal 7 and the module drupal gap and generated and launched the app.
It seems to be working ok. I can login with any created user.
However when i go to user register form and create a new account, when i submit the form, it gives me the account created alert message saying "Registration Complete!".
However after that it gives me a second alert saying that "CSRF validation failed".
Then after that If i refresh the page/app, the new user is logged in. If i logout and go to the login form and login again it works perfectly.
The CSRF error shows up only when creating a new account.
What i want is for the user to be logged in automatically when the account is created.
I installed Login Toboggan in Drupal and Drupalgap, and configured it so that the user will be logged in inmediatelly.
Im working everything on localhost.
Ive tested on poster my url:
http://localhost/sandbox.codeatrium/?q=drupalgap/system/connect.json
it show the "CSRF validation failed" error.
I dont understand why is it that this only happends when registering a new account and the normal login works fine.
Any sugestions on why could it be that this is happening!
Thank you for your help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@botty @signalpoint @x7ian