Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Installing SilverStripe /

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Can't change content - 400 ERROR

Go to End

7 Posts   1985 Views


Community Member, 18 Posts

2 June 2010 at 8:40am

Hi there,

I have a fresh 2.4.0 install. I can't update the default content of any of the pages. I invariably get a red error at the left bottom corner of the cms page saying "error saving content"

The firebug error goes as follow:
400//SecurityID doesn't match, possible CSRF attack.
Line 658

initialize(Object { name="url"}, Object { name="options"})
create()protot...4042015 (line 25)
save(Object { name="ifChanged"}, Object { name="callAfter"}, Object { name="action"}, Object { name="publish"})
onclick(Object { name="e"})
[Break on this error] function() {return new ActiveXObject('Microsoft.XMLHTTP')},\n


I suspect this has to do with my server configuration but i have no idea how to solve the problem. I have read the forum but none of the available solutions has worked for me.

Any help will be much appreciated,



Forum Moderator, 922 Posts

2 June 2010 at 8:34pm

Edited: 02/06/2010 8:35pm

In your mysite/_config.php, try adding this line at the bottom:


Are there any additional errors reported in Firebug this time?



Community Member, 18 Posts

3 June 2010 at 4:16am

Edited: 03/06/2010 8:16am

Thank you Sean. I added the line at the end the config.php file and i get the following error when i try to visit the home page in my browser.

Fatal error: Call to undefined method Security::disable_all_security_tokens() in /mysite/_config.php on line 37

At the moment i don't have any more Firebug errors messages.

Any more suggestions?


Forum Moderator, 922 Posts

3 June 2010 at 9:58am

Hi there,

Sorry, my mistake. Try the following instead:




Community Member, 18 Posts

3 June 2010 at 11:01am

I appreciate all your help Sean. It worked!!!


Forum Moderator, 922 Posts

3 June 2010 at 10:53pm

Great to hear that!

Still unsure why the security tokens aren't working properly though...

Nobrainer Web

Community Member, 138 Posts

28 October 2011 at 9:06am

Edited: 10/11/2011 1:08am

UPDATE: made the trailing slash rewrite ignore the login, by adding RewriteCond %{REQUEST_URI} !^/Security

I had this error after trying to redirect all url's not ending with a slash "/" to url with slash to
The code i was using messed up the admin sections and i could not save to DB.

The following code works to 301 redirect all urls to end with a slash / (Not well tested):

RewriteEngine On

RewriteBase /

RewriteCond %{HTTP_HOST} !^(www\.)example\.com$ [NC]
RewriteRule ^(.*)$$1 [L,R=301]

#RewriteCond %{REQUEST_URI} !\.[^./]+$
#RewriteCond %{REQUEST_URI} !(.*)/$
#RewriteRule ^(.*)$$1/ [R=301,L]

### CHECK FOR TRAILING SLASH - Will ignore admin area, login and files
RewriteCond %{REQUEST_URI} !^/admin
RewriteCond %{REQUEST_URI} !^/Security

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ $1/ [L,R=301]

Thomas B. Nielsen