The CSRF token could not be verified

1 year 2 weeks ago #142652 by sheraz01
sheraz01 created the topic: The CSRF token could not be verified
I have downloaded XAMPP LimeSurvey and created a survey on localhost.
When I try to access it using the Remote Control API, it gives me the following error:


<body>
<h1>Bad Request</h1>
<h2>The CSRF token could not be verified.</h2>
<p>
The request could not be understood by the server due to malformed syntax.
Please do not repeat the request without modifications.
</p>
<p>
If you think this is a server error, please contact the webmaster.
</p>



This is my code in Java:

// `client` (an HttpClient) and parse() come from the poster's own code, not shown here
HttpPost post = new HttpPost("http://192.168.8.100//index.php/admin/remotecontrol");
post.setHeader("Content-type", "application/json");
try {
    // JSON-RPC request for a session key
    post.setEntity(new StringEntity("{\"method\": \"get_session_key\", \"params\": [\"admin\", \"password\" ], \"id\": 1}"));
} catch (UnsupportedEncodingException e) {
    e.printStackTrace();
}
try {
    HttpResponse response = client.execute(post);
    if (response.getStatusLine().getStatusCode() == 200) {
        HttpEntity entity = response.getEntity();
        // Read the body once: the entity stream cannot be consumed a second time
        String body = EntityUtils.toString(entity);
        Log.d("vall", body);
        String sessionKey = parse(body);
        // Second JSON-RPC call, authenticated with the session key
        post.setEntity(new StringEntity("{\"method\": \"list_groups\", \"params\": [ \"" + sessionKey + "\", \"578915\" ], \"id\": 1}"));
        response = client.execute(post);
        if (response.getStatusLine().getStatusCode() == 200) {
            entity = response.getEntity();
            Log.d("outputt", EntityUtils.toString(entity));
        }
    }
} catch (IOException e) {
    // The original snippet left this try block unclosed
    e.printStackTrace();
}

1 year 2 weeks ago #142660 by LouisGac
LouisGac replied the topic: The CSRF token could not be verified
I don't know the remote control API, but in general, you use a POST request to post information (and in general, to do that you need a CSRF token), and to get information you use a GET request.

Reading your code, it seems you're using a post request to get the key...

www.w3schools.com/TAGS/ref_httpmethods.asp

(still not sure it will solve your problem, just a general approach)

1 year 2 weeks ago #142722 by sheraz01
sheraz01 replied the topic: The CSRF token could not be verified
Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>: Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />


This is the error I'm receiving now.

1 year 1 week ago #142740 by DenisChenu
DenisChenu replied the topic: The CSRF token could not be verified
In fact, the CSRF token must be disabled for this part in internal.php
github.com/LimeSurvey/LimeSurvey/blob/ma...ig/internal.php#L114

We cannot use the CSRF token: the usage is to
1: add a session value
2: add a hidden input box with the session value
3: check if sessionValue==postedValue

Did you update the request part in the config?
Denis

Assistance on the LimeSurvey forum and LimeSurvey core development are in my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happened? Before making a new topic: remember the Debug mode.
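
The three-step check listed in the post above, and why a route such as the Remote Control endpoint has to be exempted from it, as an added Python sketch that is not LimeSurvey's code and not part of any post. The class, the exempt-route list and the session ids are assumptions made for illustration.

```python
import hmac
import secrets

# Assumption: hypothetical list of routes exempt from the CSRF check.
# An exempt route must authenticate every call itself (e.g. an API session key).
NO_CSRF_ROUTES = ("admin/remotecontrol",)

class CsrfGuard:
    def __init__(self, exempt_routes=NO_CSRF_ROUTES):
        self.exempt_routes = tuple(exempt_routes)
        self.sessions = {}  # session id -> CSRF token

    def issue_token(self, session_id):
        # Step 1: store a random value in the browser user's session
        self.sessions[session_id] = secrets.token_urlsafe(32)
        return self.sessions[session_id]

    def hidden_input(self, session_id):
        # Step 2: the hidden field every server-rendered form carries
        token = self.sessions[session_id]
        return f'<input type="hidden" name="csrf_token" value="{token}">'

    def is_exempt(self, route):
        route = route.strip("/")
        return any(route == r or route.startswith(r + "/")
                   for r in self.exempt_routes)

    def check(self, method, route, session_id=None, posted_token=None):
        # Step 3: compare session value and posted value; returns an HTTP status
        if method in ("GET", "HEAD", "OPTIONS"):
            return 200  # safe methods carry no token
        if self.is_exempt(route):
            return 200  # API route: the handler validates its own session key
        expected = self.sessions.get(session_id)
        if not expected or not posted_token:
            return 400  # a bare JSON-RPC POST has no session and no token
        ok = hmac.compare_digest(expected.encode(), posted_token.encode())
        return 200 if ok else 400

def demo():
    guard = CsrfGuard()
    token = guard.issue_token("sess-1")  # constructed browser session
    strict = CsrfGuard(exempt_routes=())  # same check without the exemption
    return {
        "form_with_token": guard.check("POST", "admin/survey", "sess-1", token),
        "form_wrong_token": guard.check("POST", "admin/survey", "sess-1", "forged"),
        "api_not_exempt": strict.check("POST", "admin/remotecontrol"),
        "api_exempt": guard.check("POST", "admin/remotecontrol"),
    }
```

The exemption is only safe because the API call carries its own credential in the request body; a route that relies on the browser's session cookie should stay under the token check.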

1 year 1 week ago #142833 by sheraz01
sheraz01 replied the topic: The CSRF token could not be verified
Hello Denis,
I've resolved those issues.

I have a couple of questions now.

1. The lss or lsa file representing the survey structure: how do I view or use them?

2. Is there an API to view the selectable answer to a question such as multiple choice or radio choice question?

Thanks

1 year 1 week ago #142836 by DenisChenu
DenisChenu replied the topic: The CSRF token could not be verified

sheraz wrote: Hello Denis,
I've resolved those issues.
....

It would be great to explain how you fixed it...

1. The lss or lsa file representing the survey structure: how do I view or use them?

lss is XML, so use an XML viewer or a text editor. lsa is a zip archive with lss + token.csv + responses (I don't remember the format). Unzip it and look at the file.

2. Is there an API to view the selectable answer to a question such as multiple choice or radio choice question?

Don't know

6 months 4 weeks ago #151035 by manavaahuja07
manavaahuja07 replied the topic: The CSRF token could not be verified
I am getting the same error. How did you resolve this error? Please explain in detail.

6 months 3 weeks ago #151073 by manavaahuja07
manavaahuja07 replied the topic: The CSRF token could not be verified
OK, I solved it myself.

6 months 3 weeks ago #151074 by DenisChenu
DenisChenu replied the topic: The CSRF token could not be verified

manavaahuja07 wrote: OK, I solved it myself.

Can you explain the issue?
Maybe you can improve LimeSurvey or the manual for all other users?
