Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Installing SilverStripe

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Can't change content - 400 ERROR


7 Posts   1884 Views


2 June 2010 at 8:40am Community Member, 18 Posts

Hi there,

I have a fresh 2.4.0 install. I can't update the default content of any of the pages. I invariably get a red error at the left bottom corner of the cms page saying "error saving content"

The firebug error goes as follow:
400//SecurityID doesn't match, possible CSRF attack.
Line 658

initialize(Object { name="url"}, Object { name="options"})
create()protot...4042015 (line 25)
save(Object { name="ifChanged"}, Object { name="callAfter"}, Object { name="action"}, Object { name="publish"})
onclick(Object { name="e"})
[Break on this error] function() {return new ActiveXObject('Microsoft.XMLHTTP')},\n


I suspect this has to do with my server configuration but i have no idea how to solve the problem. I have read the forum but none of the available solutions has worked for me.

Any help will be much appreciated,



2 June 2010 at 8:34pm (Last edited: 2 June 2010 8:35pm), Forum Moderator, 921 Posts

In your mysite/_config.php, try adding this line at the bottom:


Are there any additional errors reported in Firebug this time?



3 June 2010 at 4:16am (Last edited: 3 June 2010 8:16am), Community Member, 18 Posts

Thank you Sean. I added the line at the end the config.php file and i get the following error when i try to visit the home page in my browser.

Fatal error: Call to undefined method Security::disable_all_security_tokens() in /mysite/_config.php on line 37

At the moment i don't have any more Firebug errors messages.

Any more suggestions?


3 June 2010 at 9:58am Forum Moderator, 921 Posts

Hi there,

Sorry, my mistake. Try the following instead:




3 June 2010 at 11:01am Community Member, 18 Posts

I appreciate all your help Sean. It worked!!!


3 June 2010 at 10:53pm Forum Moderator, 921 Posts

Great to hear that!

Still unsure why the security tokens aren't working properly though...

Nobrainer Web

28 October 2011 at 9:06am (Last edited: 10 November 2011 1:08am), Community Member, 135 Posts

UPDATE: made the trailing slash rewrite ignore the login, by adding RewriteCond %{REQUEST_URI} !^/Security

I had this error after trying to redirect all url's not ending with a slash "/" to url with slash to
The code i was using messed up the admin sections and i could not save to DB.

The following code works to 301 redirect all urls to end with a slash / (Not well tested):
   RewriteEngine On
   RewriteBase /

   RewriteCond %{HTTP_HOST} !^(www\.)example\.com$ [NC]
   RewriteRule ^(.*)$$1 [L,R=301]

   #RewriteCond %{REQUEST_URI} !\.[^./]+$
   #RewriteCond %{REQUEST_URI} !(.*)/$
   #RewriteRule ^(.*)$$1/ [R=301,L]
   ### CHECK FOR TRAILING SLASH - Will ignore admin area, login and files
   RewriteCond %{REQUEST_URI} !^/admin
   RewriteCond %{REQUEST_URI} !^/Security

   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_URI} !/$
   RewriteCond %{REQUEST_URI} !(.*)/$
   RewriteRule ^(.*)$ $1/ [L,R=301]   

Thomas B. Nielsen