Cms: enableCsrfProtection causes queue failures for entries with category/asset fields

Created on 29 Aug 2019  路  7Comments  路  Source: craftcms/cms

Description

When enableCsrfProtection is set to false in general.php saving entries with categories or assets causes queue failures:

  • Updating search indexes
  • Updating element slugs and URIs

This is the error that I see when I hover over the failed tasks in dev mode:

session_start(): Cannot send session cookie - headers already sent by (output started at /Applications/MAMP/htdocs/www/project/vendor/craftcms/cms/src/web/Response.php:185)

Steps to reproduce

  1. Create a brand new project via composer (composer create-project craftcms/craft)
  2. Run ./craft setup with typical settings
  3. Update general.php and set enableCsrfProtection => false
  4. Create a new category group
  5. Create a new field for that category group
  6. Create a channel and add that previously created field as the only field
  7. Create a new entry in that channel with a category and save

Additional info

  • Craft version: 3.2.8 and 3.3.0.1
  • PHP version: 7.0.15 and 7.2.21
  • Database driver & version: mysqlnd 5.0.12-dev - 20150407
  • Plugins & versions: None
picture jamealg

Most helpful comment

Alright that鈥檚 been fixed for the next release.

To get the fix early, change your craftcms/cms requirement in composer.json to:

"require": {
  "craftcms/cms": "dev-develop#c9e1115f941f3b103c99bbfb3014da64f8e03957 as 3.3.0.1",
  "...": "..."
}

Then run composer update.

picture brandonkelly on 30 Aug 2019
🎉3

All 7 comments

And you鈥檙e definitely not seeing the same error when you re-enable the enableCsrfProtection setting?

brandonkelly picture brandonkelly on 29 Aug 2019

Definitely not. I verified in two environments with my project and a brand new project locally.

jamealg picture jamealg on 30 Aug 2019

I鈥檓 not able to reproduce this. Followed your steps to a T and the entry saves just fine 鈥撀營 even tested creating the category directly from within the Categories field鈥檚 selection modal.

We have seen that error before as a result of an Xdebug bug. Can you try disabling that, if you have it installed?

brandonkelly picture brandonkelly on 30 Aug 2019

Sorry nevermind, we鈥檙e able to reproduce.

brandonkelly picture brandonkelly on 30 Aug 2019

Alright that鈥檚 been fixed for the next release.

To get the fix early, change your craftcms/cms requirement in composer.json to:

"require": {
  "craftcms/cms": "dev-develop#c9e1115f941f3b103c99bbfb3014da64f8e03957 as 3.3.0.1",
  "...": "..."
}

Then run composer update.

brandonkelly picture brandonkelly on 30 Aug 2019
🎉3

I have experienced same issue on Craft 3.3.7 when csrfTokenName is set to custom value

intoeetive picture intoeetive on 9 Oct 2019

@intoeetive Can you please post as a new issue with steps to reproduce?

brandonkelly picture brandonkelly on 9 Oct 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

angrybrad picture angrybrad  路  3Comments
bitboxfw picture bitboxfw  路  3Comments
Mosnar picture Mosnar  路  3Comments
benface picture benface  路  3Comments
leigeber picture leigeber  路  3Comments