CSRF mismatch in OJS 3_3_0-8-18

Hi,

when ordering issues or sections in OJS 3_3_0-8-18 (in OJS 3_3_0-8-8 the error does not occur) we get:

PHP Fatal error: Uncaught Exception: CSRF mismatch! in
…/lib/pkp/classes/controllers/grid/GridHandler.inc.php:752

$this->getUserVar(‘csrfToken’) is empty, this is why the match fails.

Regards,
Carola

Hi @carola,

Some additional CSRF checks were added as part of this issue. They involve changes to the compiled javascript; have you flushed your browser’s cache? Does the behaviour change if you disable minification in config.inc.php?

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher,

yes, it’s enable_minified!

Thank you so far,
Carola

Hi @carola,

Do you mean that turning off enable_minified fixes the problem?

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher,

yes, turning off fixes the problem. I switched several times between on and off (to be sure it’s not the cache).

Regards,
Carola

Hi @carola,

In your OJS installation directory, do you have commit 9a38b0ae3ed932663bb5a92c8c747e4a31757651 included? (See e.g. git log js/pkp.min.js.)

The difference between minification enabled and disabled is that when minification is enabled, OJS relies on js/pkp.min.js to contain all its Javascript. When minification is disabled, OJS goes to the dozens of individual js files instead. If changing the flag to On breaks things, then it sounds like your compiled javascript is out of date (or an old version is cached).

Regards,
Alec Smecher
Public Knowledge Project Team

Thank you @asmecher, I upgraded to OJS 3_3_0-8-34, that solve the issue.

Regards,
Carola

1 Like

This topic was automatically closed after 9 days. New replies are no longer allowed.