Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Mod script produces Valid CSRF Token Required error

I have created a new page in the Admin > Dashboard of my osTicket v.1.10.1.

I thought that would be the hard part, but no!

I am now working on a PHP script that presents a form with a list of radio buttons. The admin can make a selection and the resulting value is saved on the server in a .txt file. 

Easy enough, I'd expect. And actually, I have the script working perfectly on the same server outside of osTicket.

But when the script is run from within osTicket and the form is submitted, it results in the dreaded Valid CSRF Token Required error.

It seems to me that I need to somehow infuse my form with a CSRF token, but how is this done?


  • I' m not sure but I could imagine that using an api key (like for the remote cron) could help..

  • I did get past this. It was very simple. In case anyone runs into this, all I had to do was add

    <?php csrf_token(); ?>

    in the form.

    My form still doesn't work, but that is another matter.
  • It's because you're POST'ing data.. GET doesn't use the CSRF system.. so, if it's something simple, you can bypass the restrictions with that. Get works via AJAX too. 
  • Hey, thanks for the tip Grizly.

    I thought I had gotten out of the woods on that particular issue, but instead of the CSRF error I started getting an Unknown Action error. Perhaps this new impasse is still related to the token requirement.

    Either way at some point I'll take a run at the form using GET.
Sign In or Register to comment.