Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Installing SilverStripe /

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Can't change content - 400 ERROR


Go to End


7 Posts   2867 Views

Avatar
pietro

Community Member, 18 Posts

2 June 2010 at 8:40am

Hi there,

I have a fresh 2.4.0 install. I can't update the default content of any of the pages. I invariably get a red error at the left bottom corner of the cms page saying "error saving content"

The firebug error goes as follow:
____________________________________________
400//SecurityID doesn't match, possible CSRF attack.

http://www.mysite.org/sapphire/thirdparty/prototype/prototype.js?m=1274042015
Line 658

(?)()
these()
getTransport()
initialize(Object { name="url"}, Object { name="options"})
create()protot...4042015 (line 25)
save(Object { name="ifChanged"}, Object { name="callAfter"}, Object { name="action"}, Object { name="publish"})
action_save_right()
onclick(Object { name="e"})
[Break on this error] function() {return new ActiveXObject('Microsoft.XMLHTTP')},\n

_______________________________________________

I suspect this has to do with my server configuration but i have no idea how to solve the problem. I have read the forum but none of the available solutions has worked for me.

Any help will be much appreciated,

Best,

Avatar
Sean

Forum Moderator, 922 Posts

2 June 2010 at 8:34pm

Edited: 02/06/2010 8:35pm

In your mysite/_config.php, try adding this line at the bottom:

Security::disable_all_security_tokens()

Are there any additional errors reported in Firebug this time?

Sean

Avatar
pietro

Community Member, 18 Posts

3 June 2010 at 4:16am

Edited: 03/06/2010 8:16am

Thank you Sean. I added the line at the end the config.php file and i get the following error when i try to visit the home page in my browser.

Fatal error: Call to undefined method Security::disable_all_security_tokens() in /mysite/_config.php on line 37

At the moment i don't have any more Firebug errors messages.

Any more suggestions?

Avatar
Sean

Forum Moderator, 922 Posts

3 June 2010 at 9:58am

Hi there,

Sorry, my mistake. Try the following instead:

Form::disable_all_security_tokens();

Sean

Avatar
pietro

Community Member, 18 Posts

3 June 2010 at 11:01am

I appreciate all your help Sean. It worked!!!

Avatar
Sean

Forum Moderator, 922 Posts

3 June 2010 at 10:53pm

Great to hear that!

Still unsure why the security tokens aren't working properly though...

Avatar
Nobrainer Web

Community Member, 138 Posts

28 October 2011 at 9:06am

Edited: 10/11/2011 1:08am

UPDATE: made the trailing slash rewrite ignore the login, by adding RewriteCond %{REQUEST_URI} !^/Security

I had this error after trying to redirect all url's not ending with a slash "/" to url with slash www.example.com to www.example.com/.
The code i was using messed up the admin sections and i could not save to DB.

The following code works to 301 redirect all urls to end with a slash / (Not well tested):

RewriteEngine On

RewriteBase /

RewriteCond %{HTTP_HOST} !^(www\.)example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

#RewriteCond %{REQUEST_URI} !\.[^./]+$
#RewriteCond %{REQUEST_URI} !(.*)/$
#RewriteRule ^(.*)$ http://www.example.com/$1/ [R=301,L]

### CHECK FOR TRAILING SLASH - Will ignore admin area, login and files
RewriteCond %{REQUEST_URI} !^/admin
RewriteCond %{REQUEST_URI} !^/Security

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ $1/ [L,R=301]

--
Thomas B. Nielsen
webdesign