Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Bad request & CSRF everywhere

  • Hunter69
  • Hunter69's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
6 years 3 months ago - 6 years 3 months ago #161980 by Hunter69
Bad request & CSRF everywhere was created by Hunter69
Hi everyone,

I search a bit on google and on this forum but can't find any solution (I'll keep looking waiting for an answer anyway).

So I have a BIG PROBLEM : after weeks of good job, my survey just do not work anymore.

For the records, when the following happened, I was doing some change on my server trying to put it into https instead of http... beside this didn't touch a thing into LimeSurvey (and I didn't click on the "Enforce https mode" in security panel).

When I'm on HTTPS, everything is fine.

When I go back on HTTP here we go:

I try to log in admin ? "Bad Request. The CSRF token could not be verified. The request could not be understood by the server due to malformed syntax. Please do not repeat the request without modifications. If you think this is a server error, please contact the webmaster."

I try to log with another account ? Same.

I try to get to a survey with a direct link... Check. I resolve the Captcha, clik "next"... Bad request again...

I'm desesperate right now, doesn't know what to do... Anyone has an idea ?



Thanks a lot !
Last edit: 6 years 3 months ago by Hunter69.
The topic has been locked.
More
5 years 4 months ago #176968 by PorkCharSui
Replied by PorkCharSui on topic Bad request & CSRF everywhere
Hi Hunter69,

Did you ever solved this problem, because I am experiencing the exact same problem at the moment.
The topic has been locked.
  • Joffm
  • Joffm's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
5 years 4 months ago - 5 years 4 months ago #176970 by Joffm
Replied by Joffm on topic Bad request & CSRF everywhere
Well,
just to say:
Neither Hunter69 nor you told us your exact LS version and the environment.
You find it at the lower right corner of your GUI. Click on it gives more information.

I assume that Hunter used a different version than you. He started the topic 10 month ago (so either he used a version of the 2.50/2.73 branch or a very early 3.x version)

You say "The same problem". Hunter is able to work with "https://" but not with "http://". This is also your problem?

The first question is: what is the setting of this option in "Global settings / security" (might be named differently)?

Joffm

Volunteers are not paid.
Not because they are worthless, but because they are priceless
Last edit: 5 years 4 months ago by Joffm.
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose