Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by b2z on Monday, 05 December 2022 18:17 EET
Hi,
I have a contest runing in: https://www.parquenacionalsierraguadarrama.es/es/patrimonio/concursos/votacion-xi-cine
I think it is working fine (i can vote, just one time) but some people have told me that they have and error "invalid token" when they try to vote. See https://prnt.sc/09EyNIiW3eV1
Thanks
Hello!
I also managed to vote successfully and there is no invalid token error.
It is a standard Joomla feature to send X-CSRF-Token with the AJAX request:
// Use POST for send the data
options.method = options.data ? 'POST' : options.method.toUpperCase();
if (options.method === 'POST') {
var token = Joomla.getOptions('csrf.token', '');
if (token) {
xhr.setRequestHeader('X-CSRF-Token', token);
}
if (typeof(options.data) === 'string' && (!options.headers || !options.headers['Content-Type'])) {
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
}
}The component does not send any tokens, but checks for token in the request (see /controllers/participant.json.php) like this:
if (!Session::checkToken())
{
$response->message = 'Invalid Token';
echo $response;
return;
}Not sure where the problem can be in cases when the users get Invalid Token message.
Best regards,
Dmitrijs
Ok, thanks Dmitrijs.
None of the participants are joomla users nor are logged in. Do you think that I can "skip" this token check by hard editing the code?
Best wishes,
I strongly recommend not to do that as the token is needed to ensure that the request was made from your page and not from the third party resource.
I am not sure, but probably this can help. Try to modify JS code in /media/com_competition/js/competition.js on line 83:
data: data,
onSuccess: function(response, xhr) {Change it to:
data: data,
method: 'POST',
onSuccess: function(response, xhr) {After that rename the file competition.min.js that is located in /media/com_competition/js/ to competition-test.min.js - this will force to load competition.js instead of minified version.
Another thing that comes to my mind - the token by itself is located on the page under csrf.token inside this script:
<script type="application/json" class="joomla-script-options new">I can only imagine that for some reason sometimes it is not loaded, so Joomla cannot read it and send it with the AJAX request.
Best regards,
Dmitrijs
Hello,
Have you managed to resolve your issue?
Best regards,
Dmitrijs
Hi Dmitrijs,
Apologize for the delay in the feedback.
I am not really sure if it works, since it always works for me. One of the people with problems told me that it works, but after that I received another email reporting the issue. The contest is finished, so I can not test further.
Best wishes,
It seems like a random issue. Another guess from me is some kind of cache. Hard to debug :(
I am closing this for now.
Thank you for contacting NorrNext Support. This message is to confirm that the ticket is closed.
If you are happy with our support, we would be grateful if you took the time for a small review or just a vote on Trustpilot.
https://www.trustpilot.com/review/norrnext.com