Title: Steve Cunningham's Replies | WordPress.org --- # Steve Cunningham [ ](https://wordpress.org/support/users/synthman/) * [Profile](https://wordpress.org/support/users/synthman/) * [Topics Started](https://wordpress.org/support/users/synthman/topics/) * [Replies Created](https://wordpress.org/support/users/synthman/replies/) * [Reviews Written](https://wordpress.org/support/users/synthman/reviews/) * [Topics Replied To](https://wordpress.org/support/users/synthman/replied-to/) * [Engagements](https://wordpress.org/support/users/synthman/engagements/) * [Favorites](https://wordpress.org/support/users/synthman/favorites/) Search replies: ## Forum Replies Created Viewing 15 replies - 1 through 15 (of 15 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Bad request](https://wordpress.org/support/topic/bad-request-22/) * [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [8 years, 4 months ago](https://wordpress.org/support/topic/bad-request-22/#post-9780570) * I am also seeing this red bar and “Forbidden” in all of my sites on Cloudflare. These sites are on Digital Ocean servers, managed by Server Pilot IO. SP sets up the DO servers on Apache, with nginx doing the transactions on the back. So I also suspect it’s in the API. BTW, after installing the 3.3.2’s, I rolled back to 3.3.1. Same results, including the endless load on Analytics. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 6 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/page/3/#post-8232998) * Just a note of thanks and to confirm that version 3.0.5 now appears to be fully functional on all my sites that don’t use InfiniteWP. I had many of the other problems with earlier versions, but 3.0.5 seems to have nailed it. * I know it ain’t done for every case. But thanks for the hard work; it is both admired and appreciated. * Best, Steve C. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 6 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/page/3/#post-8212242) * Glad to hear there’s an answer that makes sense. * Sounds like someone from Cloudflare will need to have a convo with someone from infinitewp.com. According to wordpress.org, IWP have 400,000+ active installs and 1.9m downloads of the client. * Someone needs to have a convo and change some code, methinks. * And it’s entirely possible that some other plugin out there may also make use of php://input, and it just hasn’t been seen yet. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 6 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/page/2/#post-8208660) * Okay, more news regarding the site on PHP7.0.10 with CF 3.0.3. Disabled all other plugins, no change. Disabled CF and re-activated it and it threw a fatal error( red box at the top of Plugins admin page). Couldn’t disable it again, had to remove it and reinstall new. Still threw fatal error. Went to CF site and purged all files, then tried with no other plugs enabled. Now it’s asking for credentials at the top of the screen. Tried to activate and it’s still throwing a fatal error. Removed and reinstalled, still with no other plugs. Can’t get out of this loop, and re-purging doesn’t fix it. * Fully deleted the IWP plug, trying to install and activate CF. Still throwing the fatal error. Unfortunately still lots of possibilities. Console shows JQMIGRATE: Migrate is installed, version 1.4.1 with an error ‘//@ sourceURL’ and ‘//@ sourceMappingURL’ are deprecated, please use ‘//#sourceURL=’ and ‘..# sourceMappingURL=’ instead. Incidentally, had a problem with and older theme tonite that also involved JQMIGRATE, which IIRC was introduced in WP 4.6 and here it is again. Feels like a JS problem now. If you’ll tell me what you need from Developer Tools I’ll give you the info at failure time. * Two steps forward, one step back… * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 6 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/page/2/#post-8208536) * Okay, I’ve found the problem on two different sites running 3.0.3 on PHP 5.3.10. * It’s the Infinite WP management plugin. As soon as I deactivate it the CSRF Token disappears and doesn’t return under any conditions. I activated all the normal plugs (I’ll get you a list tomorrow) and the CF plug still works like a champ. * However, the site running 7.0.10 now has the “I can’t select an active zone and all the buttons on the CF screen are dead” problem. I’ve already disabled the IWP plug with no improvement. * I’ll try disabling all other plugs again. - This reply was modified 9 years, 6 months ago by [Steve Cunningham](https://wordpress.org/support/users/synthman/). Reason: replaced more bad news with some good. That's okay, right? * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 6 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/page/2/#post-8199430) * Stoopid editor keeps cutting off long lines: * {value: “off”, cfCSRFToken: “1f866ac472”,…} cfCSRFToken : “1f866ac472” proxyURL:“ [https://api.cloudflare.com/client/v4/zones/55a08c63de1e6bec63fe9193197aab61/settings/always_online”](https://api.cloudflare.com/client/v4/zones/55a08c63de1e6bec63fe9193197aab61/settings/always_online”); value : “off” * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 6 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/page/2/#post-8199421) * Done. (BTW, it’s line 47 in proxy.php). * Cleared caches, logged out and in to site. No change in behavior. * Here’s the Request Payload, parsed: * {“value”:”off”,”cfCSRFToken”:”1f866ac472″,”proxyURL”:”[https://api.cloudflare.com/client/v4/zones/55a08c63de1e6bec63fe9193197aab61/settings/always_online”](https://api.cloudflare.com/client/v4/zones/55a08c63de1e6bec63fe9193197aab61/settings/always_online”);} * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 6 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/#post-8196436) * Is there anything else I can examine to help you understand what’s going wrong here? (yes, I understand you’re kinda busy now). * The request payload, as source: {“value”:”on”,”cfCSRFToken”:”8c4dbd1c4a”,”proxyURL”:” [https://partners.cloudflare/plugins/plugin/55a08c63de1e6bec63fe9193197aab61/settings/plugin_specific_cache”](https://partners.cloudflare/plugins/plugin/55a08c63de1e6bec63fe9193197aab61/settings/plugin_specific_cache”);} * Response Headers access-control-allow-credentials:true access-control-allow- origin:[https://65chero.com](https://65chero.com) cache-control:no-cache, must- revalidate, max-age=0 cf-ray:2e489fbabc514722-EWR content-encoding:gzip content- type:application/json date:Sun, 18 Sep 2016 23:37:08 GMT expires:Wed, 11 Jan 1984 05:00:00 GMT server:cloudflare-nginx status:200 x-content-type-options:nosniff x-frame-options:SAMEORIGIN x-powered-by:PHP/5.3.10-1ubuntu3.24 x-robots-tag:noindex * Request Headers :authority:65chero.com :method:PATCH :path:/wp-admin/admin-ajax. php?action=cloudflare_proxy :scheme:https accept:*/* accept-encoding:gzip, deflate, sdch, br accept-language:en-US,en;q=0.8 content-length:161 content-type:application/ json cookie:wordpress_310142781ea73d9d3e9aa09f8a7b34a4=synthman%7C1475119997% 7CzFgZ5I8lpfKJPitpgQPJAX0BLSNniU539HHQ6Alh7jE%7Cd3f727dc2c72eb6eb645ae3d69af4d85a4831bf25921d782956c2e5426b015a1; wordpress_sec_655473845d827a39cf0bb85b02dc7121=synthman%7C1475261097%7CI37vuCZlRJOI4b32dBrjXsNQ3ROzR1oPjFraw9CKYX8% 7Ce4f076c4b346837ae26157deaab9f033ced2556f0b6eea9af3adca12a80d2c98; wordpress_logged_in_310142781ea73d9d3e9aa09f8a7b34a4 =synthman%7C1475119997%7CzFgZ5I8lpfKJPitpgQPJAX0BLSNniU539HHQ6Alh7jE%7Cea181a5e568b6109907bd01bd6c74442e7f7aad0de35a38eb922680b465bda27; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_655473845d827a39cf0bb85b02dc7121 =synthman%7C1475261097%7CI37vuCZlRJOI4b32dBrjXsNQ3ROzR1oPjFraw9CKYX8%7C069a24bbc7405e68b08b994010c313109f5979370997dfafd706a56a6bca39f5; __cfduid=d4f8825d883e53e78f2cb9e90de7d2fc81474051498; wp-settings-3=editor%3Dtinymce% 26mfold%3Do; wp-settings-time-3=1474064463 dnt:1 origin:[https://65chero.com](https://65chero.com) referer:[https://65chero.com/wp-admin/options-general.php?page=cloudflare](https://65chero.com/wp-admin/options-general.php?page=cloudflare) user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36( KHTML, like Gecko) Chrome/53.0.2785.113 Safari/537.36 * Query String Parameters action=cloudflare_proxy * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 6 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/#post-8196366) * Yes it is: * > [Request contents](https://imgur.com/a/knISl) * Request URL:[https://65chero.com/wp-admin/admin-ajax.php?action=cloudflare_proxy](https://65chero.com/wp-admin/admin-ajax.php?action=cloudflare_proxy) Request Method:PATCH Status Code:200 Remote Address:104.27.130.226:443 Response Headers access-control-allow-credentials:true access-control-allow-origin:[https://65chero.com](https://65chero.com) cache-control:no-cache, must-revalidate, max-age=0 cf-ray:2e485745afa94722-EWR content-encoding:gzip content-type:application/json date:Sun, 18 Sep 2016 22: 47:39 GMT expires:Wed, 11 Jan 1984 05:00:00 GMT server:cloudflare-nginx status: 200 x-content-type-options:nosniff x-frame-options:SAMEORIGIN x-powered-by:PHP/ 5.3.10-1ubuntu3.24 x-robots-tag:noindex Request Headers :authority:65chero.com: method:PATCH :path:/wp-admin/admin-ajax.php?action=cloudflare_proxy :scheme:https accept:*/* accept-encoding:gzip, deflate, sdch, br accept-language:en-US,en;q =0.8 content-length:161 content-type:application/json cookie:wordpress_310142781ea73d9d3e9aa09f8a7b34a4 =synthman%7C1475119997%7CzFgZ5I8lpfKJPitpgQPJAX0BLSNniU539HHQ6Alh7jE%7Cd3f727dc2c72eb6eb645ae3d69af4d85a4831bf25921d782956c2e5426b015a1; wordpress_sec_655473845d827a39cf0bb85b02dc7121=synthman%7C1475261097%7CI37vuCZlRJOI4b32dBrjXsNQ3ROzR1oPjFraw9CKYX8% 7Ce4f076c4b346837ae26157deaab9f033ced2556f0b6eea9af3adca12a80d2c98; wordpress_logged_in_310142781ea73d9d3e9aa09f8a7b34a4 =synthman%7C1475119997%7CzFgZ5I8lpfKJPitpgQPJAX0BLSNniU539HHQ6Alh7jE%7Cea181a5e568b6109907bd01bd6c74442e7f7aad0de35a38eb922680b465bda27; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_655473845d827a39cf0bb85b02dc7121 =synthman%7C1475261097%7CI37vuCZlRJOI4b32dBrjXsNQ3ROzR1oPjFraw9CKYX8%7C069a24bbc7405e68b08b994010c313109f5979370997dfafd706a56a6bca39f5; __cfduid=d4f8825d883e53e78f2cb9e90de7d2fc81474051498; wp-settings-3=editor%3Dtinymce% 26mfold%3Do; wp-settings-time-3=1474064463 dnt:1 origin:[https://65chero.com](https://65chero.com) referer:[https://65chero.com/wp-admin/options-general.php?page=cloudflare](https://65chero.com/wp-admin/options-general.php?page=cloudflare) user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36( KHTML, like Gecko) Chrome/53.0.2785.113 Safari/537.36 Query String Parameters view source view URL encoded action:cloudflare_proxy Request Payload view source{ value: “on”, cfCSRFToken: “8c4dbd1c4a”,…} cfCSRFToken : “8c4dbd1c4a” proxyURL:“ [https://partners.cloudflare/plugins/plugin/55a08c63de1e6bec63fe9193197aab61/settings/plugin_specific_cache”](https://partners.cloudflare/plugins/plugin/55a08c63de1e6bec63fe9193197aab61/settings/plugin_specific_cache”); value : “on” - This reply was modified 9 years, 6 months ago by [Steve Cunningham](https://wordpress.org/support/users/synthman/). Reason: add text for response * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 7 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/#post-8194363) * > [CF request response](https://imgur.com/ylxsp6L) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 7 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/#post-8194160) * Sorry for the break… life is still in session. * Think I found something. When I click a button there’s a single ajax request, status 200, type xhr. When I expose the the request I see this: * {result: null, success: false, errors: [{code: “”, message: “CSRF Token not valid.”}], messages: []} errors : [{code: “”, message: “CSRF Token not valid.”}] 0 : {code:“”, message: “CSRF Token not valid.”} code : “” message : “CSRF Token not valid.” messages : [] result : null success : false * So the token is getting lost or munged somewhere in there… * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 7 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/#post-8192342) * Thanks for clarification. * Yup, I get “f33289b5e2”. So the token is there. * Dunno if it helps, but here’s the output just prior. * action @ 21:11:52.405 PLUGIN_SETTINGS_FETCH_SUCCESS compiled.js:16363 When merging two 55a08c63de1e6bec63fe9193197aab61, found unequal data in their “id” values. Using the earlier value. 921d66affa2478612f14bf7ee2c30322 c46cd410c7887ca0315ae6b36e02384a compiled.js:16363 When merging two 55a08c63de1e6bec63fe9193197aab61, found unequal data in their “type” values. Using the earlier value. A MX compiled.js:16363 When merging two 55a08c63de1e6bec63fe9193197aab61, found unequal data in their“ content” values. Using the earlier value. 108.174.63.162 mx.hover.com.cust.hostedemail. com compiled.js:16363 When merging two 55a08c63de1e6bec63fe9193197aab61, found unequal data in their “proxiable” values. Using the earlier value. true false compiled.js:16363 When merging two 55a08c63de1e6bec63fe9193197aab61, found unequal data in their “proxied” values. Using the earlier value. true false compiled. js:16363 When merging two 55a08c63de1e6bec63fe9193197aab61, found unequal data in their “modified_on” values. Using the earlier value. 2016-04-13T15:16:52.403860Z 2016-04-13T15:16:52.438206Z compiled.js:16363 When merging two 55a08c63de1e6bec63fe9193197aab61, found unequal data in their “created_on” values. Using the earlier value. 2016- 04-13T15:16:52.403860Z 2016-04-13T15:16:52.438206Z compiled.js:64362 action @ 21:11:52.597 DNS_RECORD_FETCH_LIST_SUCCESS compiled.js:36236 Only a single Gateway can be rendered at a time into a GatewayDest.You rendered multiple into “modal” compiled.js:64362 action @ 21:11:52.623 ZONE_FETCH_SETTINGS_SUCCESS compiled. js:64362 action @ 21:11:52.676 ZONES_RAILGUNS_FETCH_ALL_SUCCESS compiled.js:64362 action @ 21:11:53.513 ZONE_FETCH_ANALYTICS_SUCCESS cfCSRFToken “f33289b5e2” - This reply was modified 9 years, 7 months ago by [Steve Cunningham](https://wordpress.org/support/users/synthman/). Reason: added console output * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 7 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/#post-8192160) * Hoping I’ve done this correctly. In the console I wrote a bit of php * * Out of this I get nothing but NULL. Which actually makes some sense from the log above this. Any ideas? or did I just prove that my php is about a good as my skills at brain surgery? I’m self-taught… * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 7 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/#post-8191946) * I found one set of PHP errors in the log from a couple hours ago. Maybe it will help. It appears that the auth email addy is not arriving: * 2016/09/16 16:02:11 [error] 14370#14370: *58 FastCGI sent in stderr: “PHP message:[ CloudFlare] ERROR: [CLIENT API] Array ( [type] => request [method] => GET [path] => zones/ [headers] => Array ( [X-Auth-Key] => [X-Auth-Email] => [Content-Type] => application/json ) * [params] => Array ( ) * [body] => Array ( [cfCSRFToken] => ) * ) * PHP message: [CloudFlare] ERROR: [CLIENT API] Array ( [type] => response [reason] => Forbidden [code] => 403 [body] => Missing X-Auth-Email header [stacktrace] => #0 /srv/www/65chero/public_html/wp-content/plugins/cloudflare/vendor/guzzle/ guzzle/src/Guzzle/Http/Message/Request.php(145): Guzzle\Http\Exception\BadResponseException:: factory(Object(Guzzle\Http\Message\Request), Object(Guzzle\Http\Message\Response))# 1 [internal function]: Guzzle\Http\Message\Request::onRequestError(Object(Guzzle\ Common\Event), 'request.error', Object(Symfony\Component\EventDispatcher\EventDispatcher))# 2 /srv/www/65chero/public_html/wp-content/plugins/cloudflare/vendor/symfony/event- dispatcher/EventDispatcher.php(184): call_user_func(Array, Object(Guzzle\Common\ Event), 'request.error', Object(Symfony\Component\EventDispatcher\EventDispatcher))# 3 /srv/www/65chero/public_html/wp-content/plugins/cloudflare/vendor/symfony/event- dispatcher/EventDispatcher.php(46): Symfony\Component\EventDispatcher\EventDispatc... PHP message: [CloudFlare] ERROR: Missing X-Auth-Email header PHP message: PHP Warning: Invalid argument supplied for foreach() in /srv/www/65chero/public_html/ wp-content/plugins/cloudflare/src/WordPress/WordPressAPI.php on line 138" while reading response header from upstream, client: 108.162.219.248, server: [http://www.65chero.com](http://www.65chero.com), request: "POST /wp-admin/admin-ajax.php?action=cloudflare_proxy HTTP/1.1", upstream:" fastcgi://unix:/var/run/php5-fpm.sock:", host: "65chero.com", referrer: "https:// 65chero.com/wp-admin/options-general.php?page=cloudflare" * Maybe that will help you. I have a few dev plugs; if I knew what I was looking for perhaps I could find the trouble. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Cloudflare] Invalid CSRF Token on 3.0.1](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/) * Thread Starter [Steve Cunningham](https://wordpress.org/support/users/synthman/) * (@synthman) * [9 years, 7 months ago](https://wordpress.org/support/topic/invalid-csrf-token-on-3-0-1/#post-8191293) * Refreshing does not fix the error. Cleared all browser caches, purged all site caches manually at the CF site, logged out of CF site, no change. * Doesn’t matter what setting I try to change — I get the CSRF Token not valid message. PHP is 5.3 (5.3.10-1ubuntu3.24), could that be the problem? I can try it on a site with PHP 7. Viewing 15 replies - 1 through 15 (of 15 total)