I get one or two CSRF failures per day on ~600 sessions; however, I've never been able to narrow down the cause and didn't think much of it because of the low rate of failure. Today, I had a user fail the CSRF check 6 times on two different pages, so I'd like to know how to fix this. Does anyone have any ideas why?
Below I've included the log sent to my email. I've bolded information that I think may be important or relevant (she's on an IPv6 IP address and used the same device for all requests). I've also censored some information.
If it's relevant, I'm on the latest Yii2 (2.0.12) and using Cloudflare.
2017-09-06 09:09:28
[108.162.249.94][-][dacc61335b3bbb071ec4ea8e43c6c7ff][error][yii\web\HttpException:400]
yii\web\BadRequestHttpException: Unable to verify your data submission. in /home/bookspro/booksproutapp/vendor/yiisoft/yii2/web/Controller.php:166
Stack trace:
#0 /home/bookspro/booksproutapp/frontend/controllers/SiteController.php(92): yii\web\Controller->beforeAction(Object(yii\base\InlineAction))
#1 /home/bookspro/booksproutapp/vendor/yiisoft/yii2/base/Controller.php(154): frontend\controllers\SiteController->beforeAction(Object(yii\base\InlineAction))
#2 /home/bookspro/booksproutapp/vendor/yiisoft/yii2/base/Module.php(523): yii\base\Controller->runAction('contact', Array)
#3 /home/bookspro/booksproutapp/vendor/yiisoft/yii2/web/Application.php(102): yii\base\Module->runAction('site/contact', Array)
#4 /home/bookspro/booksproutapp/vendor/yiisoft/yii2/base/Application.php(380): yii\web\Application->handleRequest(Object(yii\web\Request))
#5 /home/bookspro/public_html/index.php(18): yii\base\Application->run()
#6 {main}
2017-09-06 09:09:28
[108.162.249.94][-][dacc61335b3bbb071ec4ea8e43c6c7ff][info][application]
$_POST = [
'_frontend_csrf' => '0U9jVU0fbg-gl7t4kADg1lKf8bv38sQYBPiSJvNHgqewykSHhS6KeAapE4-_9aS3QOQYilZBe4i_1x6nMDjP6A=='
]
$_SESSION = [
'__flash' => []
]
$_SERVER = [
'CONTENT_LENGTH' => '1111'
'CONTENT_TYPE' => 'application/x-www-form-urlencoded'
'CONTEXT_DOCUMENT_ROOT' => '/home/bookspro/public_html'
'CONTEXT_PREFIX' => ''
'DOCUMENT_ROOT' => '/home/bookspro/public_html'
'GATEWAY_INTERFACE' => 'CGI/1.1'
'HTTPS' => 'on'
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
'HTTP_ACCEPT_ENCODING' => 'gzip'
'HTTP_ACCEPT_LANGUAGE' => 'en-au'
'HTTP_CF_CONNECTING_IP' => '2001:8003:3d2e:8600:698a:XXXX:XXXX:XXXX'
'HTTP_CF_IPCOUNTRY' => 'AU'
'HTTP_CF_RAY' => '39a04a22cbd20b14-SYD'
'HTTP_CF_VISITOR' => '{\"scheme\":\"https\"}'
'HTTP_CONNECTION' => 'Keep-Alive'
'HTTP_HOST' => 'booksprout co'
'HTTP_ORIGIN' => 'https booksprout co'
'HTTP_REFERER' => 'https booksprout co/contact'
'HTTP_USER_AGENT' => 'Mozilla/5.0 (iPad; CPU OS 10_3_3 like Mac OS X) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.0 Mobile/14G60 Safari/602.1'
'HTTP_X_FORWARDED_FOR' => '2001:8003:3d2e:8600:698a:XXXX:XXXX:XXXX'
'HTTP_X_FORWARDED_PROTO' => 'https'
'HTTP_X_HTTPS' => '1'
'PATH' => '/bin:/usr/bin'
'PHPRC' => '/home/bookspro/public_html'
'QUERY_STRING' => ''
'REDIRECT_HTTPS' => 'on'
'REDIRECT_SCRIPT_URI' => 'https booksprout co/contact'
'REDIRECT_SCRIPT_URL' => '/contact'
'REDIRECT_SSL_TLS_SNI' => 'booksprout co'
'REDIRECT_STATUS' => '200'
'REDIRECT_UNIQUE_ID' => 'Wa@7SKI8dZcGSkT7TjKxEQAAAso'
'REDIRECT_URL' => '/contact'
'REMOTE_ADDR' => '108.162.249.94'
'REMOTE_PORT' => '23955'
'REQUEST_METHOD' => 'POST'
'REQUEST_SCHEME' => 'https'
'REQUEST_URI' => '/contact'
'SCRIPT_FILENAME' => '/home/bookspro/public_html/index.php'
'SCRIPT_NAME' => '/index.php'
'SCRIPT_URI' => 'https booksprout co/contact'
'SCRIPT_URL' => '/contact'
'SERVER_ADDR' => '1.1.1.1'
'SERVER_ADMIN' => 'webmaster@booksprout co'
'SERVER_NAME' => 'booksprout co'
'SERVER_PORT' => '443'
'SERVER_PROTOCOL' => 'HTTP/1.1'
'SERVER_SIGNATURE' => ''
'SERVER_SOFTWARE' => 'Apache/2.4'
'SSL_TLS_SNI' => 'booksprout co'
'TZ' => 'America/Chicago'
'UNIQUE_ID' => 'Wa@7SKI8dZcGSkT7TjKxEQAAAso'
'PHP_SELF' => '/index.php'
'REQUEST_TIME_FLOAT' => 1504688968.7715
'REQUEST_TIME' => 1504688968
'argv' => []
'argc' => 0
]
Any help on the subject will be greatly appreciated. Thank you!