
Mar 17, 2023

Invalid security or form key on admin page on magento 2

After going to the admin page and logging in, I got the error "Invalid security or form key. Please refresh the page."

Solution:

This is the content of the patch file. Apply the changes it shows.



.../module-backend/App/Action/Plugin/Authentication.php  | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/vendor/magento/module-backend/App/Action/Plugin/Authentication.php 
b/vendor/magento/module-backend/App/Action/Plugin/Authentication.php
index 8227966e..0cdd9f12 100644
--- a/vendor/magento/module-backend/App/Action/Plugin/Authentication.php
+++ b/vendor/magento/module-backend/App/Action/Plugin/Authentication.php
@@ -102,6 +102,8 @@ class Authentication
 
 
    /**
+   * Ensures user is authenticated before accessing backend action controllers.
+   *
    * @param \Magento\Backend\App\AbstractAction $subject
    * @param \Closure $proceed
    * @param \Magento\Framework\App\RequestInterface $request
@@ -225,10 +227,9 @@ class Authentication
 
    // Checks, whether secret key is required for admin access or request 
    // uri is explicitly set
    if ($this->_url->useSecretKey()) {
-  $requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);
-  $baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');
-  $routeIndex = empty($baseUrlPath) ? 0 : 1;
-  $requestUri = $this->_url->getUrl($requestParts[$routeIndex]);
+  // The requested URL has an invalid secret key and therefore redirecting 
+  // to this URL will cause a security vulnerability.
+       $requestUri = $this->_url->getUrl($this->_url->getStartupPageUrl());
    } elseif ($request) {
        $requestUri = $request->getRequestUri();
    }
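Review bot: The comment added in the `useSecretKey()` branch says redirecting to the requested URL "will cause a security vulnerability" but never says why, so a later maintainer cannot tell what must not be reintroduced; something like `// The request URI failed secret-key validation and is request-controlled, so never reuse it as the redirect target; send the user to the startup page instead.` states the invariant. The untouched `elseif ($request)` branch still copies `$request->getRequestUri()` into `$requestUri`, so with secret keys disabled the request-supplied URI is presumably still used the same way; whether it is validated later is not visible because the method starts and ends outside the hunk. The three added lines are indented differently from the surrounding block and from each other. The patched path is under `vendor/`, so a hand edit is lost on the next Composer install or update; carrying the change as a tracked patch keeps it reviewable and reapplied.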

Setup multiple sites with nginx config on Magento 2

1. Create /etc/nginx/sites-available/spi24.conf

# Virtual host for spi24.local: listens on port 80 (plain HTTP), selects the
# Magento website with run code "base", and pulls the rest of its configuration
# from the nginx.conf file in the Magento root.
# NOTE(review): no TLS listener is defined here; the .local name suggests a
# development host — confirm before reusing this block on a reachable server,
# because the admin login would then travel over unencrypted HTTP.
server
{
	listen 80;

	server_name spi24.local;

	# Variables set ahead of the include below; presumably read by the included
	# Magento nginx.conf (that file is not shown in full) — verify.
	set $MAGE_ROOT /var/www/html/spi24;
	set $MAGE_DEBUG_SHOW_ARGS 0;
	set $MAGE_RUN_TYPE website;
	set $MAGE_RUN_CODE base;
	include /var/www/html/spi24/nginx.conf;

	# Logs (access and errors)
	# NOTE(review): these files sit inside the application tree; confirm that the
	# document root set by the included file does not expose var/log.
	access_log /var/www/html/spi24/var/log/nginx-access.log;
	error_log /var/www/html/spi24/var/log/nginx-error.log;


}

# Virtual host for hts24.local: same Magento root as spi24.local, but selects
# the website with run code "hts". Listens on port 80 (plain HTTP) only.
# NOTE(review): no TLS listener is defined here; the .local name suggests a
# development host — confirm before reusing this block on a reachable server.
server
{
	listen 80;

	server_name hts24.local;

	# Variables set ahead of the include below; presumably read by the included
	# Magento nginx.conf (that file is not shown in full) — verify.
	set $MAGE_ROOT /var/www/html/spi24;
	set $MAGE_DEBUG_SHOW_ARGS 0;
	set $MAGE_RUN_TYPE website;
	set $MAGE_RUN_CODE hts;
	include /var/www/html/spi24/nginx.conf;

	# Logs (access and errors)
	# Same log paths as the spi24.local server block, so entries from both hosts
	# end up interleaved in one access log and one error log.
	access_log /var/www/html/spi24/var/log/nginx-access.log;
	error_log /var/www/html/spi24/var/log/nginx-error.log; 
} 


2. Create /etc/nginx/sites-available/magento.conf

# Upstream group "fastcgi_backend" pointing at a PHP-FPM unix socket.
# Exactly one server line is active (php7.4-fpm.sock); the others are kept as
# commented-out alternatives. The M2.x labels presumably name the Magento
# release each PHP version was used with — confirm against the installed PHP-FPM.
# NOTE(review): the name is presumably the one the included Magento nginx.conf
# passes PHP requests to; that reference is not visible here.
upstream fastcgi_backend {

# M2.1
# server unix:/var/run/php/php7.0-fpm.sock;

# M2.3 
#       server   unix:/var/run/php/php7.2-fpm.sock; 

#       server   unix:/var/run/php/php7.3-fpm.sock;

# M2.4.3 
        server   unix:/var/run/php/php7.4-fpm.sock;

# M2.4.4 
#       server   unix:/var/run/php/php8.1-fpm.sock;
}


3. Create symlink

# Enable both site definitions by linking them into sites-enabled.
for conf in spi24.conf magento.conf; do
	sudo ln -s "/etc/nginx/sites-available/${conf}" /etc/nginx/sites-enabled/
done


4. Check nginx.conf file

on /var/www/html/spi24/nginx.conf

# PHP entry point for main application
# default
#location ~ ^/(index|get|static|errors/report|errors/404|errors/503|health_check)\.php$ {

# multi store
# NOTE(review): without the leading ^ this regex is no longer tied to the start
# of the URI, so any path ending in /index.php, /get.php, /static.php, ... matches
# this location, not only the top-level entry points. Confirm that writable
# directories (for example media uploads) can never have such a file handed to
# the PHP handler, or keep the anchored default above. The server blocks in
# step 1 select the site by server_name, so the request path is presumably the
# same for every site and the wider match may not be needed — verify.
location ~ /(index|get|static|errors/report|errors/404|errors/503|health_check)\.php$ {


5. Check services


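# Start the PHP-FPM service whose socket is enabled in step 2 (php7.4-fpm.sock
# there). The service is named explicitly: a php*.*-fpm glob is expanded against
# file names in the current directory, not service names, and "//" does not
# start a shell comment, so the trailing words were passed to `service` as
# arguments.
sudo service php7.4-fpm start
# Restart nginx only when the configuration test passes, so a broken config
# never replaces the running one.
sudo nginx -t && sudo service nginx restart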