Jump to content
  • 0

Search Domain in From Another Page as a Client Error: The form token is invalid.


Question

Posted

Search Domain in From Another Page as a Client

By default, visitor search domain in at order/config/preconfig/hosting. Blesta makes use of CSRF tokens by default, so logging in directly from another page will not work by default. To get around this restriction it's necessary to edit your config/blesta.php config file to add an exception. Back up, and then open config/blesta.php in a UTF-8 friendly text editor. But Still Im getting error

The form token is invalid.

Look for this line:

Configure::set("Blesta.csrf_bypass", array());

Change it to:

Configure::set("Blesta.csrf_bypass", array('domain_from :: index'));

6 answers to this question

Recommended Posts

  • 0
Posted

Hello,

I try to do same.

How i can make my html form working with csrf?

 

I have found this on some guy web site (and it is working well).

 <!-- Domain search area -->
      <div class="searchbox">
       <div class="container">

       <h2>Start your journey..</h2>

       <form method="post" action="https://domain.net/order/config/preconfig/Domains" class="disable-on-submit">
       <input type="hidden" name="_csrf_token" value="248b07ad391603435ea84a7bc7a29b5ed6f57ab87e090bb13835f61d6468026b" />
       <div class="input-group">
         <input name="domain" value="" type="text" class="form-control" placeholder="mydomain.com" >
         <div class="input-group-append">
            <button class="btn btn-primary" input type="submit"><img src="assets/images/search.png" /> Search</button>
         </div>
       </div>
       </form>


Here is example of my form: (how i can make it to use csrf) ?

<form action="" method="POST" class="domain-search-form">
                <input type="search" placeholder="Enter Address" id="domain-search">
                <div class="select-group">
                    <select name="domainList">
                        <option value="com" selected>.com</option>
                        <option value="net">.net</option>
                        <option value="io">.io</option>
                        <option value="info">.info</option>
                        <option value="store">.store</option>
                    </select>
                    <input type="submit" value="Search">
                </div>
            </form>

 

  • 0
Posted
  On 10/19/2021 at 12:21 PM, boka003 said:

Here is example of my form: (how i can make it to use csrf) ?

Expand  

If you are creating a form outside of Blesta to submit to Blesta you will not be able to generate a CSRF token and should disable CSRF for the whois page. At https://docs.blesta.com/display/user/Configuration+Files#ConfigurationFiles-Encryption see Blesta.csrf_bypass the example to bypass CSRF checks for the domain search is:

Configure::set("Blesta.csrf_bypass", ['config::preconfig']);

 

  • 0
Posted

Done it, It is working well.

Can we do similar procedure with contact form?

When someone send as message via contact form, how it can automatic open ticket in Blesta?

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...