Bad request & CSRF everywhere

More
1 year 3 weeks ago - 1 year 3 weeks ago #161980 by Hunter69
Hunter69 created the topic: Bad request & CSRF everywhere
Hi everyone,

I search a bit on google and on this forum but can't find any solution (I'll keep looking waiting for an answer anyway).

So I have a BIG PROBLEM : after weeks of good job, my survey just do not work anymore.

For the records, when the following happened, I was doing some change on my server trying to put it into https instead of http... beside this didn't touch a thing into LimeSurvey (and I didn't click on the "Enforce https mode" in security panel).

When I'm on HTTPS, everything is fine.

When I go back on HTTP here we go:

I try to log in admin ? "Bad Request. The CSRF token could not be verified. The request could not be understood by the server due to malformed syntax. Please do not repeat the request without modifications. If you think this is a server error, please contact the webmaster."

I try to log with another account ? Same.

I try to get to a survey with a direct link... Check. I resolve the Captcha, clik "next"... Bad request again...

I'm desesperate right now, doesn't know what to do... Anyone has an idea ?



Thanks a lot !
Last Edit: 1 year 3 weeks ago by Hunter69.

Please Log in or Create an account to join the conversation.

More
2 months 2 days ago #176968 by PorkCharSui
PorkCharSui replied the topic: Bad request & CSRF everywhere
Hi Hunter69,

Did you ever solved this problem, because I am experiencing the exact same problem at the moment.

Please Log in or Create an account to join the conversation.

More
2 months 2 days ago - 2 months 2 days ago #176970 by Joffm
Joffm replied the topic: Bad request & CSRF everywhere
Well,
just to say:
Neither Hunter69 nor you told us your exact LS version and the environment.
You find it at the lower right corner of your GUI. Click on it gives more information.

I assume that Hunter used a different version than you. He started the topic 10 month ago (so either he used a version of the 2.50/2.73 branch or a very early 3.x version)

You say "The same problem". Hunter is able to work with "https://" but not with "http://". This is also your problem?

The first question is: what is the setting of this option in "Global settings / security" (might be named differently)?

Joffm


Volunteers are not paid.
Not because they are worthless, but because they are priceless
Last Edit: 2 months 2 days ago by Joffm.

Please Log in or Create an account to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!