Unexpected extra form field named "_csrf_token". Error

SCMuseum

May 5, 2021, 1:52:29 PM
to AtoM Users

Hello,

I've come across an error that I can't seem to pull up information on. Following an AtoM install in VirtualBox/Vagrant, everything seems fine, but when I try to make any changes to the plugins page I get the error: Unexpected extra form field named "_csrf_token".

Every other page seems to work fine. I've tried restarting the VM, clearing caches, etc. I found one similar post on the forum, but they had a different error from 10 years ago. The general internet searches turn up suggestions related to permissions, but I haven't been able to find anything that would be useful. I may have missed something as Linux is fairly new to me.

Any assistance would be appreciated. Thank you.

José Raddaoui

May 5, 2021, 2:26:15 PM
to AtoM Users
Hi SCMuseum,

The latest Vagrant box enables CSRF protection by default and it looks like you have encountered a bug caused by this setting change. This issue should only happen in the qa/2.x branch, with CSRF protection enabled, and we will take it into consideration for the 2.7 release. In the meantime, you could disable it in `apps/qubit/config/settings.yml` by setting `csrf_secret` to `false`, then clear the Symfony cache and restart PHP-FPM:

```
php /path/to/atom/symfony cc
sudo systemctl restart php7.4-fpm
```

I'll update this thread once we have a fix included in the qa/2.x branch, so you can pull the latest changes and re-enable the protection.

Best regards,
Radda.
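
A way to confirm later that the workaround described above has been reverted, as an added example that is not part of the original thread or AtoM's own code: it scans a `settings.yml` for active `csrf_secret` entries and reports whether any is still `false`, without echoing the secret. The `all:` / `.settings:` layout of the constructed samples and the rule that only an unquoted `false` counts as disabled are assumptions.

```shell
#!/bin/sh
# Added example (not AtoM project code): audit settings.yml for the
# csrf_secret workaround without printing the secret itself.

# Print "LINE: STATE" for each active csrf_secret entry in file $1.
# Assumption: only an unquoted literal false counts as disabled.
csrf_entries() {
    awk '
        /^[ \t]*#/ { next }                    # ignore commented-out entries
        /^[ \t]*csrf_secret[ \t]*:/ {
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)      # drop the key
            sub(/[ \t]+#.*$/, "", val)         # drop a trailing comment
            sub(/[ \t]+$/, "", val)            # drop trailing blanks
            if (tolower(val) == "false") state = "disabled"
            else if (val == "")          state = "empty"
            else                         state = "enabled"
            print NR ": " state
        }
    ' "$1"
}

# Summarise the file: disabled if any entry is false, unset if no entry.
csrf_state() {
    entries=$(csrf_entries "$1")
    case "$entries" in
        "")         echo unset ;;
        *disabled*) echo disabled ;;
        *empty*)    echo empty ;;
        *)          echo enabled ;;
    esac
}

# Constructed samples: the workaround from the thread, and a restored key.
write_samples() {
    printf 'all:\n  .settings:\n    csrf_secret: false   # temporary workaround\n' > "$1/workaround.yml"
    printf 'all:\n  .settings:\n    # csrf_secret: false\n    csrf_secret: CONSTRUCTED_PLACEHOLDER_KEY\n' > "$1/restored.yml"
}

# With a path argument, audit that file; the exit status is 1 when disabled.
if [ -n "${1:-}" ]; then
    csrf_entries "$1"
    [ "$(csrf_state "$1")" != disabled ]
fi
```

Run with the path to `apps/qubit/config/settings.yml` as the only argument; a non-zero exit status means the protection is still switched off.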

SCMuseum

May 5, 2021, 4:16:29 PM
to AtoM Users
Hello Radda,

Thank you. That worked.

I had come across one post from years ago about the CSRF setting, but it mentioned true/false. When I looked it up on my install it listed a key so I didn't mess with it. Figured something had changed over the years, but I guess not. Thanks again.

José Raddaoui

Jun 11, 2021, 11:56:04 AM
to AtoM Users

This should be fixed in the qa/2.x development branch.