Error in admin interface after 2.6.0 update

Having trouble installing serendipity?
Post Reply
sternchen
Regular
Posts: 26
Joined: Tue Nov 04, 2014 9:19 am

Error in admin interface after 2.6.0 update

Post by sternchen »

Hello,

after upgrading to version 2.6.0 I'm getting
Your browser did not sent a valid HTTP-Referrer string. This may have either been caused by a misconfigured browser/proxy or by a Cross Site Request Forgery (XSRF) aimed at you. The action you requested could not be completed.
if I try to login into the admin interface.
After refreshing the page I can see the admin interface. All normal links are working, but as soon as I want to interact and press a dedicated button (like "Preview" or "Clear Cache" etc.) the same error message appears. So I can't really change anything. Commenting a blog post works, but not the admin interface.

The update itself was successful and the admin interface shows
Powered by Serendipity 2.6.0 and PHP 8.2.30
Any idea? Thank you very much!
Top
onli
Regular
Posts: 3043
Joined: Tue Sep 09, 2008 10:04 pm
Contact:
Contact onli

Re: Error in admin interface after 2.6.0 update

Post by onli »

We changed how the XSRF protection works and now rely on a browser header - but the expectation was that the error won't happen then in normal use (no timeouts). Which browser do you use, including the version?
Top
sternchen
Regular
Posts: 26
Joined: Tue Nov 04, 2014 9:19 am

Re: Error in admin interface after 2.6.0 update

Post by sternchen »

I'm using firefox-esr 140.9.1esr (64-Bit) on debian testing.
I also tried the DuckDuckGo mobile app und Chrome (have to check version), same result.
Top
onli
Regular
Posts: 3043
Joined: Tue Sep 09, 2008 10:04 pm
Contact:
Contact onli

Re: Error in admin interface after 2.6.0 update

Post by onli »

That browser is definitely new enough. And the fallback header would also work. If it does not work on multiple browsers like that it has to be related to the server setup (or trigger some bug in serendipity). Though I'm not aware of anything that would explain this, like a setting or something.

I'll sent you a PM to check what we can do, I'll need to have a look at the site.
Top
onli
Regular
Posts: 3043
Joined: Tue Sep 09, 2008 10:04 pm
Contact:
Contact onli

Re: Error in admin interface after 2.6.0 update

Post by onli »

As a help for others: We figured it out. The site did not have https, and the fallback did not work because the site's baseURL was configured as www.example.com, but visited under example.com. Changing the url or adding a ssl certificate would fix the backend.
Top
sternchen
Regular
Posts: 26
Joined: Tue Nov 04, 2014 9:19 am

Re: Error in admin interface after 2.6.0 update

Post by sternchen »

Thank you very much for your quick response and solution.
Top
onli
Regular
Posts: 3043
Joined: Tue Sep 09, 2008 10:04 pm
Contact:
Contact onli

Re: Error in admin interface after 2.6.0 update

Post by onli »

No problem. Honestly, this change should have seen more testing, so I was very interested in seeing this resolved.
Top
Post Reply

Return to “Installation”