Recent Topics

[6.10.3] This action can only be performed with HTTP_REFERER

Started by on Feb 07, 2019 – Contents updated: Feb 17, 2019

Feb 07, 2019 11:44    

[6.10.3] This action can only be performed with HTTP_REFERER

Hello all

I went to change some content in one of the widgets down the RH side of my blog at https://loobynet.co.uk/ yesterday, only to get the error in the subject line followed by :https://loobynet.co.uk/ when I go to https://loobynet.co.uk/admin.php?ctrl=widgets&blog=1

The screeshot might help. This happens with all widgets. Does anyone know what's wrong?

Name or URL of your webhost :tsohost.com

Feb 07, 2019 20:07

As it refers to a URL failure I'm thinking it is linked to the old problem, in that maybe admin cannot access the the widgets.

Difficult ?
Check the url of the page before you click to ensure it is OK
Using ftp check the folder where the widgets are that it's not somewhere out of place.
Check permissions on the widgets folder.

Feb 08, 2019 11:34

Oh hang on -- that's odd. If I click directly on the URL in the above post I can get in and edit the widget.

Well, I don't understand how that works, but at least it's a workround :)

Feb 08, 2019 12:07

So from your latest is is that the https isn't on the other link

widgets are in [/inc/widgets/widgets/]

Feb 08, 2019 12:20

Ah, thanks.

I'm a bit confused because when I hover over the hyperlink to a widget editing URL it's prefaced by https://, and if I copy and paste that into a new tab, it works; yet when I just click on it it gives me the referer error.

Feb 08, 2019 19:36

Not sure what you are doing. Can you post a screenshot of

  1. when I hover over the hyperlink to a widget editing URL
  1. yet when I just click on it it gives me the referer error.
  1. do you have the the green lock on the address bar

I'm playing with a new host and have an SSL certificate, so I've just had to change my settings > urls > check [https only]

Feb 12, 2019 11:20

Just to say that since I've upgraded my host and installed a security certificate and change the base url to include https I now have the same problem so will update soon hopefully with a solution :)

Feb 12, 2019 14:49

Ah, that's interesting, thanks. I'll await that with interest.

Feb 12, 2019 15:36

I seem to have lost an update on the train whilst travelling home from Bristol, it would have preceded your reply, so this is not a response to your last.

Although I have the problem in Firefox I don't get it with Microsoft Edge, so please check that. Secondly I cannot even login using Opera, so if you have that or can be bothered to install it I would be interested to know what you find in that instance too.

Clearly if each of us suffers the same issues there is likely to be a common solution.

All the best. Just got home, to wash, clean, chop wood, eat food etc. so will be a while before I investigate further.

Feb 12, 2019 16:47

Hi @loobyloo

If you only have a problem with Firefox I have a solution, well for my setup anyway :
type in the address bar of Firefox [about:config] > get pass the dragons > search for [refer] to find the highlighted line in the image.
If the setting is 0 or 1 double click on it and set it to 2

Let me know how you get on.

P.S The Opera issue was just blocked cookies, so such access issue are resolved at my end

Feb 12, 2019 17:41

Since you have https, can you go into each collection and set it to use https only? Have no idea if it would help. Just a wild guess. Screenshot is from a fresh install - default setting for URLs.

Feb 12, 2019 19:13

@poorboy2

Your note of the option had already been implemented on my site when I transferred and I was with @loobyloo where we set his some months ago, am waiting to hear from him. Further the secure locks are fine )green) and all links say https.

Feb 17, 2019 09:17

Hello -- apologies for the delay in replying. Amoun -- you identified the problem correctly. It was that sendReferrer setting in FF.

Many thanks!


Form is loading...

Secure CMS – This forum is powered by b2evolution CMS, a complete engine for your website.