- Posts: 3
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
The CSRF token could not be verified
- sheraz01
- Topic Author
- Offline
- New Member
Less
More
7 years 6 months ago #142652
by sheraz01
The CSRF token could not be verified was created by sheraz01
I have downloaded XAMPP lime survey and created a survey on local host.
When I try to access it using REMOTE CONTROL API it gives me the following error
<body>
<h1>Bad Request</h1>
<h2>The CSRF token could not be verified.</h2>
<p>
The request could not be understood by the server due to malformed syntax.
Please do not repeat the request without modifications.
</p>
<p>
If you think this is a server error, please contact the webmaster.
</p>
This is my code in java
HttpPost post = new HttpPost("http://192.168.8.100//index.php/admin/remotecontrol");
post.setHeader("Content-type", "application/json");
try {
post.setEntity( new StringEntity("{\"method\": \"get_session_key\", \"params\": [\"admin\", \"password\" ], \"id\": 1}"));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
try {
HttpResponse response = client.execute(post);
if(response.getStatusLine().getStatusCode() == 200){
HttpEntity entity = response.getEntity();
Log.d("vall",EntityUtils.toString(entity));
String sessionKey = parse(EntityUtils.toString(entity));
post.setEntity( new StringEntity("{\"method\": \"list_groups\", \"params\": [ \""+sessionKey+"\", \"578915\" ], \"id\": 1}"));
response = client.execute(post);
if(response.getStatusLine().getStatusCode() == 200){
entity = response.getEntity();
Log.d("outputt",EntityUtils.toString(entity));
}
}
When I try to access it using REMOTE CONTROL API it gives me the following error
<body>
<h1>Bad Request</h1>
<h2>The CSRF token could not be verified.</h2>
<p>
The request could not be understood by the server due to malformed syntax.
Please do not repeat the request without modifications.
</p>
<p>
If you think this is a server error, please contact the webmaster.
</p>
This is my code in java
HttpPost post = new HttpPost("http://192.168.8.100//index.php/admin/remotecontrol");
post.setHeader("Content-type", "application/json");
try {
post.setEntity( new StringEntity("{\"method\": \"get_session_key\", \"params\": [\"admin\", \"password\" ], \"id\": 1}"));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
try {
HttpResponse response = client.execute(post);
if(response.getStatusLine().getStatusCode() == 200){
HttpEntity entity = response.getEntity();
Log.d("vall",EntityUtils.toString(entity));
String sessionKey = parse(EntityUtils.toString(entity));
post.setEntity( new StringEntity("{\"method\": \"list_groups\", \"params\": [ \""+sessionKey+"\", \"578915\" ], \"id\": 1}"));
response = client.execute(post);
if(response.getStatusLine().getStatusCode() == 200){
entity = response.getEntity();
Log.d("outputt",EntityUtils.toString(entity));
}
}
The topic has been locked.
- LouisGac
- Visitor
7 years 6 months ago #142660
by LouisGac
Replied by LouisGac on topic The CSRF token could not be verified
I don't know the remote control API, but in general, you use a post request to post information (and in general, to do that you need a CSRF token), and to get an information you use a GET request.
Reading your code, it seems you're using a post request to get the key...
www.w3schools.com/TAGS/ref_httpmethods.asp
(still not sure it will solve your problem, just a general approach)
Reading your code, it seems you're using a post request to get the key...
www.w3schools.com/TAGS/ref_httpmethods.asp
(still not sure it will solve your problem, just a general approach)
The topic has been locked.
- sheraz01
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
7 years 6 months ago #142722
by sheraz01
Replied by sheraz01 on topic The CSRF token could not be verified
Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>: Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />
this is the error im receiving now
<br />
<b>Warning</b>: Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />
this is the error im receiving now
The topic has been locked.
- DenisChenu
- Away
- LimeSurvey Community Team
Less
More
- Posts: 13643
- Thank you received: 2491
7 years 6 months ago #142740
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic The CSRF token could not be verified
In fact CRSF token must be disable for this part in internal.php
github.com/LimeSurvey/LimeSurvey/blob/ma...ig/internal.php#L114
We can not use CRSF token : usage is to
1 : add a session value
2: add an hidden input box with the session value
3: control if sessionValue==postedValue
Did you update the request part in config ?
Denis
github.com/LimeSurvey/LimeSurvey/blob/ma...ig/internal.php#L114
We can not use CRSF token : usage is to
1 : add a session value
2: add an hidden input box with the session value
3: control if sessionValue==postedValue
Did you update the request part in config ?
Denis
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- sheraz01
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
7 years 6 months ago #142833
by sheraz01
Replied by sheraz01 on topic The CSRF token could not be verified
Hello Denis,
I've resolved those issues.
I have a couple of questions now?
1. The Iss or Isa file representing the Survey structure, How do I view or use them?
2. Is there an API to view the selectable answer to a question such as multiple choice or radio choice question?
Thanks
I've resolved those issues.
I have a couple of questions now?
1. The Iss or Isa file representing the Survey structure, How do I view or use them?
2. Is there an API to view the selectable answer to a question such as multiple choice or radio choice question?
Thanks
The topic has been locked.
- DenisChenu
- Away
- LimeSurvey Community Team
Less
More
- Posts: 13643
- Thank you received: 2491
7 years 6 months ago #142836
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic The CSRF token could not be verified
It can be great to explain how you fix it .....sheraz wrote: Hello Denis,
I've resolved those issues.
....
lss is XML , then an XML viewer or a text editor. lsa is a zip archive with lss + token.csv + responses.(don 't remind the format). Unzip it and look at the file.1. The Iss or Isa file representing the Survey structure, How do I view or use them?
Don't know2. Is there an API to view the selectable answer to a question such as multiple choice or radio choice question?
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- manavaahuja07
- Offline
- New Member
Less
More
- Posts: 14
- Thank you received: 1
7 years 1 month ago #151035
by manavaahuja07
Replied by manavaahuja07 on topic The CSRF token could not be verified
I am getting same error how you resolve this error plz explain in details.
The topic has been locked.
- manavaahuja07
- Offline
- New Member
Less
More
- Posts: 14
- Thank you received: 1
7 years 1 month ago #151073
by manavaahuja07
Replied by manavaahuja07 on topic The CSRF token could not be verified
OK I solved my self.
The topic has been locked.
- DenisChenu
- Away
- LimeSurvey Community Team
Less
More
- Posts: 13643
- Thank you received: 2491
7 years 1 month ago #151074
by DenisChenu
Maybe you can improve LimeSUrvey or manual for all other user's ?
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic The CSRF token could not be verified
Can you explain the issue ?manavaahuja07 wrote: OK I solved my self.
Maybe you can improve LimeSUrvey or manual for all other user's ?
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- Mazi
- Offline
- Official LimeSurvey Partner
5 years 7 months ago #173945
by Mazi
Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support: survey-consulting.com
Contact: marcel.minke(at)survey-consulting.com
Replied by Mazi on topic The CSRF token could not be verified
@all, if you asked for help here and later successfully fixed such issues, then please tell others how you did that. That is how a forum from users to users should work.
Thanks!
Thanks!
Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support: survey-consulting.com
Contact: marcel.minke(at)survey-consulting.com
The topic has been locked.
- JackAttack
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
4 years 7 months ago #188717
by JackAttack
Replied by JackAttack on topic The CSRF token could not be verified
Can somebody tell me how to solve this issue?
The topic has been locked.
- Mazi
- Offline
- Official LimeSurvey Partner
4 years 7 months ago #188718
by Mazi
Can you easily reproduce it? If so, what are the steps to do so?
Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support: survey-consulting.com
Contact: marcel.minke(at)survey-consulting.com
Replied by Mazi on topic The CSRF token could not be verified
So which Limesurvey version do you use and when exactly does that error show up?JackAttack wrote: Can somebody tell me how to solve this issue?
Can you easily reproduce it? If so, what are the steps to do so?
Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support: survey-consulting.com
Contact: marcel.minke(at)survey-consulting.com
The topic has been locked.