403 Forbidden Invalid or missing required CSRF token

[frasuy]

When loading a file to update 90k task records I get the error: 403
Forbidden Invalid or missing required CSRF token displayed from
https://workbench.developerforce.com/update.php. After error is
received you are unable to proceed to the next step.

Any advice to the intent of this message and what protocol needs to
happen to not receive this error?

Thanks.

-Fraser Suyetsugu

[Ryan Brainard]

Hi Fraser,

CSRF protection is a security feature of Workbench to protect against
attacks where hackers try to trick users into unknownly posting form
data. The protection works by the server generating a secret token
that is posted back and validated with form submissions. This should
be completely transparent to end users, and you should never be seeing
that error message if the system is working correctly. I reviewed the
code and I don't see anything obvious going on that would cause it in
your case, but I have a few questions that might help narrow it down:

1. Are you updating the records from a CSV or ZIP file?
2. Are you using asynchronous (Bulk API) updates?
3. Are you opening Workbench mutiple tabs, particularly in the steps
of the update wizard?
4. Are you ever clicking "Back" in the wizard?
5. Does the problem still happen if you only update a single record?
6. Does the problem still happen if you update just a few records?
7. Are you experiencing any timeouts during the update?
8. Is the issue consistantly reproducible?

Please let me the answers to these question, and I can look into it
further.

Thanks,
Ryan

On Sep 13, 6:28 am, frasuy <fra...@gmail.com> wrote:
> When loading a file to update 90k task records I get the error: 403

> Forbidden Invalid or missing required CSRF token displayed fromhttps://workbench.developerforce.com/update.php. After error is

[frasuy]

See inline answers below.

On Sep 13, 6:43 am, Ryan Brainard <ryan.brain...@gmail.com> wrote:
> Hi Fraser,
>
> CSRF protection is a security feature of Workbench to protect against
> attacks where hackers try to trick users into unknownly posting form
> data. The protection works by the server generating a secret token
> that is posted back and validated with form submissions. This should
> be completely transparent to end users, and you should never be seeing
> that error message if the system is working correctly. I reviewed the
> code and I don't see anything obvious going on that would cause it in
> your case, but I have a few questions that might help narrow it down:
>
> 1. Are you updating  the records from a CSV or ZIP file?

[FS] Was using a CSV file as data source.

> 2. Are you using asynchronous (Bulk API) updates?

[FS] Asynchronous

> 3. Are you opening Workbench mutiple tabs, particularly in the steps

[FS] I don't recall specifically but don't think so.

> of the update wizard?
> 4. Are you ever clicking "Back" in the wizard?

[FS] I don't recall specifically but don't think so.

> 5. Does the problem still happen if you only update a single record?

[FS] Not sure. Didn't test.

> 6. Does the problem still happen if you update just a few records?

[FS] Not sure. Didn't test.

> 7. Are you experiencing any timeouts during the update?

[FS] I was not able to make the update. The error is produced
immediately after the file is uploaded. Total upload time was quick
5-7 seconds.

> 8. Is the issue consistantly reproducible?

[FS] It was at the time across IE, FF and Chrome. I haven't tried
since.

[Ryan Brainard]

Thanks for the answers. I still have not been able to reproduce this
issue, but I have added additional logging to the
workbench.developerforce.com instance to gather additional diagnostics
to get to the bottom of this. I'll let you know once I have more
information. 
Thanks,Ryan

[praamo...@gmail.com]

I am also facing the same issue, after uploading the zip 100% system navigates the control to a 403 Forbidden page with message "Invalid or missing required CSRF token"
Please advice if someone got the solution for it.

--

Regards,
Pramod

[praamo...@gmail.com]

Hi Fraser,

Did you got any resolution for the above issue? as I am also facing the same issue at my end.

Regards,

Pramod

[dbrac...@gmail.com]

Hi Facing the same issue. Has there been any resolution to this problem? Thanks

[Ryan Brainard]

Are you seeing this consistently or intermitently? Also, what pages are you on and/or are you clicking the browser's Back button?

[Kevin Brace]

Hi Ryan, 

It's consistently happening. I can load a few records with no issue, but when I tried to load my 97k record file, I get the error. The error occurs after I load up the file and try to move to the next step (field mapping...).

I ended up having to use Apex Loader to get the file in today. I would prefer to use workbench though. 

Thanks

Kevin

[puz...@gmail.com]

Same here. 
I'm consistently getting this error when I try to update 470k contact emails using any browser/tab combination.

[Ryan Brainard]

Workbench needs some work on providing better error messages when users attempt large data operations, but 470K or even 97K is WAY too many records for Workbench to handle in one request. Try breaking down your file into smaller chucks (e.g. 2k) or use something like https://dataloader.io/ that is designed more for large data loads. Hopefully there will be some improvements in this area in the future, but Workbench was not originally designed for large data volumes.

[Nick Kremer]

Thanks for the info. 

This email has been sent from a mobile device therefore please excuse any typographic errors or brevity.

[mpa...@fonteva.com]

Hi Ryan - picking this thread back up.

Same error - but this time from attempting to Deploy Metadata to a new developer org:

I was able to successfully Retrieve from that same org....so I'm a little stumped as to why I cannot then deploy metadata to the org.  

Thanks,

Matt