Invalid CSRF Token on 3.0.1

Done. (BTW, it’s line 47 in proxy.php).

Cleared caches, logged out and in to site. No change in behavior.

Here’s the Request Payload, parsed:

{“value”:”off”,”cfCSRFToken”:”1f866ac472″,”proxyURL”:”https://api.cloudflare.com/client/v4/zones/55a08c63de1e6bec63fe9193197aab61/settings/always_online”}

Stoopid editor keeps cutting off long lines:

{value: “off”, cfCSRFToken: “1f866ac472”,…}
cfCSRFToken
:
“1f866ac472”
proxyURL
:
“https://api.cloudflare.com/client/v4/zones/55a08c63de1e6bec63fe9193197aab61/settings/always_online”
value
:
“off”

Watching…I have the same issue.

So I can’t reproduce it but I’ve reworked the CSRF logic here in hopes that it will fix your issue. This release should go out Wednesday or Thursday.

Thanks,
John

Marvelous! I will watch for it!

Hi Guys,

3.0.3 has been released and has an attempted fix of this issue. Can you please let me know if you’re still seeing CSRF token errors?

Thanks,
John

still doing it ?? Sorry

@edgemarketing,

Ah, sorry to hear that!

What version of PHP are you using?
What version of WordPress are you using?

Thanks,
John

What other plugins are you guys running on your blogs?

is there a ticket system that i could just give you access so you can see/troubleshoot?

If you would rather continue troubleshoot via a CloudFlare.com support ticket thats fine but we aren’t allowed to log in to client machines to debug for legal reasons.

Thats ok. I will get you all that info but it may not be till tomorrow.

So we are running PHP 5.4.37 and the most recent version of WordPress always.

Okay, I’ve found the problem on two different sites running 3.0.3 on PHP 5.3.10.

It’s the Infinite WP management plugin. As soon as I deactivate it the CSRF Token disappears and doesn’t return under any conditions. I activated all the normal plugs (I’ll get you a list tomorrow) and the CF plug still works like a champ.

However, the site running 7.0.10 now has the “I can’t select an active zone and all the buttons on the CF screen are dead” problem. I’ve already disabled the IWP plug with no improvement.

I’ll try disabling all other plugs again.

• This reply was modified 8 years, 2 months ago by Steve Cunningham. Reason: replaced more bad news with some good. That's okay, right?

Okay, more news regarding the site on PHP7.0.10 with CF 3.0.3. Disabled all other plugins, no change. Disabled CF and re-activated it and it threw a fatal error (red box at the top of Plugins admin page). Couldn’t disable it again, had to remove it and reinstall new. Still threw fatal error. Went to CF site and purged all files, then tried with no other plugs enabled. Now it’s asking for credentials at the top of the screen. Tried to activate and it’s still throwing a fatal error. Removed and reinstalled, still with no other plugs. Can’t get out of this loop, and re-purging doesn’t fix it.

Fully deleted the IWP plug, trying to install and activate CF. Still throwing the fatal error. Unfortunately still lots of possibilities. Console shows JQMIGRATE: Migrate is installed, version 1.4.1 with an error
‘//@ sourceURL’ and ‘//@ sourceMappingURL’ are deprecated, please use ‘//#sourceURL=’ and ‘..# sourceMappingURL=’ instead. Incidentally, had a problem with and older theme tonite that also involved JQMIGRATE, which IIRC was introduced in WP 4.6 and here it is again. Feels like a JS problem now.
If you’ll tell me what you need from Developer Tools I’ll give you the info at failure time.

Two steps forward, one step back…