Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enableCsrfProtection causes queue failures for entries with category/asset fields #4854

Closed
jamealg opened this issue Aug 29, 2019 · 7 comments
Closed

enableCsrfProtection causes queue failures for entries with category/asset fields #4854

jamealg opened this issue Aug 29, 2019 · 7 comments

Comments

@jamealg
Copy link

jamealg commented Aug 29, 2019

Description

When enableCsrfProtection is set to false in general.php saving entries with categories or assets causes queue failures:

  • Updating search indexes
  • Updating element slugs and URIs

This is the error that I see when I hover over the failed tasks in dev mode:

session_start(): Cannot send session cookie - headers already sent by (output started at /Applications/MAMP/htdocs/www/project/vendor/craftcms/cms/src/web/Response.php:185)

Steps to reproduce

  1. Create a brand new project via composer (composer create-project craftcms/craft)
  2. Run ./craft setup with typical settings
  3. Update general.php and set enableCsrfProtection => false
  4. Create a new category group
  5. Create a new field for that category group
  6. Create a channel and add that previously created field as the only field
  7. Create a new entry in that channel with a category and save

Additional info

  • Craft version: 3.2.8 and 3.3.0.1
  • PHP version: 7.0.15 and 7.2.21
  • Database driver & version: mysqlnd 5.0.12-dev - 20150407
  • Plugins & versions: None
@brandonkelly
Copy link
Member

brandonkelly commented Aug 29, 2019
edited
Loading

And you’re definitely not seeing the same error when you re-enable the enableCsrfProtection setting?

@jamealg
Copy link
Author

jamealg commented Aug 29, 2019

Definitely not. I verified in two environments with my project and a brand new project locally.

@brandonkelly
Copy link
Member

I’m not able to reproduce this. Followed your steps to a T and the entry saves just fine – I even tested creating the category directly from within the Categories field’s selection modal.

We have seen that error before as a result of an Xdebug bug. Can you try disabling that, if you have it installed?

@brandonkelly
Copy link
Member

Sorry nevermind, we’re able to reproduce.

@brandonkelly
Copy link
Member

Alright that’s been fixed for the next release.

To get the fix early, change your craftcms/cms requirement in composer.json to:

"require": {
  "craftcms/cms": "dev-develop#c9e1115f941f3b103c99bbfb3014da64f8e03957 as 3.3.0.1",
  "...": "..."
}

Then run composer update.

@brandonkelly brandonkelly mentioned this issue Sep 4, 2019
Closed
@intoeetive
Copy link

I have experienced same issue on Craft 3.3.7 when csrfTokenName is set to custom value

@brandonkelly
Copy link
Member

@intoeetive Can you please post as a new issue with steps to reproduce?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brandonkelly @intoeetive @jamealg