Serendipity Forums

Hello,

after upgrading to version 2.6.0 I'm getting

Your browser did not sent a valid HTTP-Referrer string. This may have either been caused by a misconfigured browser/proxy or by a Cross Site Request Forgery (XSRF) aimed at you. The action you requested could not be completed.

if I try to login into the admin interface.
After refreshing the page I can see the admin interface. All normal links are working, but as soon as I want to interact and press a dedicated button (like "Preview" or "Clear Cache" etc.) the same error message appears. So I can't really change anything. Commenting a blog post works, but not the admin interface.

The update itself was successful and the admin interface shows

Powered by Serendipity 2.6.0 and PHP 8.2.30

Any idea? Thank you very much!

We changed how the XSRF protection works and now rely on a browser header - but the expectation was that the error won't happen then in normal use (no timeouts). Which browser do you use, including the version?

I'm using firefox-esr 140.9.1esr (64-Bit) on debian testing.
I also tried the DuckDuckGo mobile app und Chrome (have to check version), same result.

That browser is definitely new enough. And the fallback header would also work. If it does not work on multiple browsers like that it has to be related to the server setup (or trigger some bug in serendipity). Though I'm not aware of anything that would explain this, like a setting or something.

I'll sent you a PM to check what we can do, I'll need to have a look at the site.

As a help for others: We figured it out. The site did not have https, and the fallback did not work because the site's baseURL was configured as www.example.com, but visited under example.com. Changing the url or adding a ssl certificate would fix the backend.

Thank you very much for your quick response and solution.

No problem. Honestly, this change should have seen more testing, so I was very interested in seeing this resolved.