CKFinder: PHP : InvalidCsrfTokenException: Invalid CSRF token

Question

When I try to upload files I am getting the following error:

<b>Fatal error</b>:  Uncaught CKSource\CKFinder\Exception\InvalidCsrfTokenException: Invalid CSRF token. in D:\xampp\htdocs\mysite\includes\ckfinder\core\connector\php\vendor\cksource\ckfinder\src\CKSource\CKFinder\CKFinder.php:245
Stack trace:

This is new installation of ckfinder

the error tells you everything , you didn't pass the csrf token in your form — madalinivascu, Dec 13 '17 at 13:06
@madalinivascu bro, but how to pass the csrf token. can you please post it as an answer? — Sugumar Venkatesan, Dec 13 '17 at 13:08
i am not familiar with ckfinder, you should look that in the ckfinder documentation — madalinivascu, Dec 13 '17 at 13:10

zaak · Accepted Answer · 2017-12-14T16:12:24.463

1

The simplest solution (although not recommended) is to disable CSRF protection in CKFinder. For PHP connector you can do this with csrfProtection option by simply setting it to false:

 $config['csrfProtection'] = false;

The recommended way is to ask CKFinder to generate the CSRF token and use it when you submit your form (form field should be named ckCsrfToken):

var finder;

CKFinder.start({
    onInit: function(instance) {
        // Save finder instance to use it later
        finder = instance;
    }
});

// Later you can obtain the token the following way
console.log(finder.request('csrf:getToken'));

edited Dec 14 '17 at 16:12

answered Dec 13 '17 at 15:52

zaak

745
7
14

I know this is an old thread but how do you send it? The file upload is part of the PHP connector but I can't find any documentation on what to do with it once you get it from ckfinder. (still unclear why this isn't just set up automatically when you turn on CSRF) – Cfreak Jun 03 '21 at 14:25
@Cfreak: By default, everything should work fine without any changes required here (CSRF token is automatically added on frontend and validated on backend). Problems like above may occur e.g. on cross-domain configurations. Here is a note in the docs: https://ckeditor.com/docs/ckfinder/ckfinder3-php/commands.html#commands_csrf_protection If this doesn't help, can you please describe your issue with more details? – zaak Jun 04 '21 at 05:25
thanks for the reply. I am using a cross-domain configuration and getting errors. Most stuff works, just not uploads. It looks like I'm seeing a page linked now that I didn't catch before. Hopefully that points me in the right direction – Cfreak Jun 04 '21 at 15:07

CKFinder: PHP : InvalidCsrfTokenException: Invalid CSRF token

1 Answers1