Foxy Forum Status

We're no longer responding to questions via our forum, but we will keep it up for historical reasons. If you can't find the answer you're looking for, please visit our knowledge base or contact us. If there's enough interest in the future, we may bring the forum back.

Possible CSRF attempt

joelataylorjoelataylor Member
in Help edited May 2013
Hi - my client said they had a customer call in reporting an issue where they could not complete their order. The client's site does not attract high traffic or any attacks - just for reference.

I looked in the admin and saw these two error messages:

Possible CSRF attempt on the checkout page. fc_csrf_id = form Expected value: Uek4QwGJ4VdsNxmN28AtG1kfhBPgJ3yybJwRa7s5Szrw. Actual value: LEthrAxTsQhLc6vgYqDxtSBGgiSDcsMNW6ZdAr2Tc9ze

Error: This form was submitted incorrectly. Please try again.

I'm assuming the 2nd was due to the fc_csrf_id being different. Can someone shed some light as to why a random visitor would've received this type of error?

Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/536.29.13 (KHTML, like Gecko) Version/6.0.4 Safari/536.29.13

  • fc_adamfc_adam FoxyCart Team

    Did the customer mention to the client if they were having any troubles in particular with your checkout? The CSRF entries in the error log relate to the form not being submitted correctly, I believe, which is the errors you can see proceeding those errors. Looking through your store logs, you don't really receive any consistent amount of these errors, so I don't think it's an error with the store at all - it's possibly restricted to something this customer was doing.
  • @fc_adam

    Thanks for checking into it. The client didn't indicate any particular issues - just 'that it doesn't work'. :)

    Very weird to get the error though. I guess if it's a one off we don't need to worry about it.
  • fc_adamfc_adam FoxyCart Team
    @joelataylor -

    perhaps one thing to check that came up in a team discussion today - did the customer use a form autocompleter to complete their checkout details at all? If so, which one?
  • @fc_adam - I've reached out to the client to see if they used auto-complete - I'll let you know.
Sign In or Register to comment.