Unable to take any payments after update to 1.5.3
CiviCRM 5.51.3 (also 5.54.1)
WP 5.9.5 also (6.0.3)
Stripe 6.7.11
mjwshared 1.2.9
sweetalert 1.5
apache 2.4
php 7.4
mariadb 10.3 (also 1.5)
After update to 1.5.3 or 1.5.4 - all transactions fail.
Firewall table shows (IP removed, and limited data to recent on a small site)
select id,access_date,event_type,source from civicrm_firewall_ipaddress;
id | access_date | event_type | source |
---|---|---|---|
3 | 2022-11-13 17:26:11 | InvalidCSRFEvent | expired token |
4 | 2022-11-13 17:26:47 | InvalidCSRFEvent | expired token |
5 | 2022-11-13 17:27:54 | InvalidCSRFEvent | expired token |
6 | 2022-11-14 07:58:13 | InvalidCSRFEvent | expired token |
7 | 2022-11-14 07:58:52 | InvalidCSRFEvent | expired token |
8 | 2022-11-14 17:21:01 | InvalidCSRFEvent | expired token |
9 | 2022-11-14 17:23:21 | InvalidCSRFEvent | expired token |
10 | 2022-11-14 17:25:40 | InvalidCSRFEvent | expired token |
11 | 2022-11-14 17:26:35 | InvalidCSRFEvent | expired token |
Just for a sample.
This was on all sites using Stripe.
The quick fix was to downgrade to V 1.5.2, flush cache and then review firewall settings
I found on all sites that had upgarded we'd now have the 'proxy' box checked:
After downgrade and unchecking the CSFR timeout appeared and we could take payments again
What is the best path forward?