Jump to content
  • 0

Search Domain in From Another Page as a Client Error: The form token is invalid.



Search Domain in From Another Page as a Client

By default, visitor search domain in at order/config/preconfig/hosting. Blesta makes use of CSRF tokens by default, so logging in directly from another page will not work by default. To get around this restriction it's necessary to edit your config/blesta.php config file to add an exception. Back up, and then open config/blesta.php in a UTF-8 friendly text editor. But Still Im getting error

The form token is invalid.

Look for this line:

Configure::set("Blesta.csrf_bypass", array());

Change it to:

Configure::set("Blesta.csrf_bypass", array('domain_from :: index'));
Link to comment
Share on other sites

5 answers to this question

Recommended Posts

  • 0


I try to do same.

How i can make my html form working with csrf?


I have found this on some guy web site (and it is working well).

 <!-- Domain search area -->
      <div class="searchbox">
       <div class="container">

       <h2>Start your journey..</h2>

       <form method="post" action="https://domain.net/order/config/preconfig/Domains" class="disable-on-submit">
       <input type="hidden" name="_csrf_token" value="248b07ad391603435ea84a7bc7a29b5ed6f57ab87e090bb13835f61d6468026b" />
       <div class="input-group">
         <input name="domain" value="" type="text" class="form-control" placeholder="mydomain.com" >
         <div class="input-group-append">
            <button class="btn btn-primary" input type="submit"><img src="assets/images/search.png" /> Search</button>

Here is example of my form: (how i can make it to use csrf) ?

<form action="" method="POST" class="domain-search-form">
                <input type="search" placeholder="Enter Address" id="domain-search">
                <div class="select-group">
                    <select name="domainList">
                        <option value="com" selected>.com</option>
                        <option value="net">.net</option>
                        <option value="io">.io</option>
                        <option value="info">.info</option>
                        <option value="store">.store</option>
                    <input type="submit" value="Search">


Link to comment
Share on other sites

  • 0
On 10/19/2021 at 5:21 AM, boka003 said:

Here is example of my form: (how i can make it to use csrf) ?

If you are creating a form outside of Blesta to submit to Blesta you will not be able to generate a CSRF token and should disable CSRF for the whois page. At https://docs.blesta.com/display/user/Configuration+Files#ConfigurationFiles-Encryption see Blesta.csrf_bypass the example to bypass CSRF checks for the domain search is:

Configure::set("Blesta.csrf_bypass", ['config::preconfig']);


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...