Saving object results in "Detected CSRF Attack!"

[valentin-]

Hi, sometimes saving an object is not possible. After reloading the backend it's working fine again. Anyone got an idea what's causing the issue or how to solve it?

Pimcore 11.1.5

[2024-03-19T14:36:01.336426+01:00] security.ERROR: Detected CSRF attack on /admin/object/save {"request":"/admin/object/save"} []
[2024-03-19T14:36:01.339594+01:00] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Detected CSRF Attack! Do not do evil things with pimcore ... ;-)" at CsrfProtectionHandler.php line 60 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException(code: 0): Detected CSRF Attack! Do not do evil things with pimcore ... ;-) at /app/vendor/pimcore/admin-ui-classic-bundle/src/Security/CsrfProtectionHandler.php:60)"} []
[2024-03-19T14:36:04.467474+01:00] security.ERROR: Detected CSRF attack on /admin/object/save {"request":"/admin/object/save"} []
[2024-03-19T14:36:04.469994+01:00] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Detected CSRF Attack! Do not do evil things with pimcore ... ;-)" at CsrfProtectionHandler.php line 60 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException(code: 0): Detected CSRF Attack! Do not do evil things with pimcore ... ;-) at /app/vendor/pimcore/admin-ui-classic-bundle/src/Security/CsrfProtectionHandler.php:60)"} []
[2024-03-19T14:36:44.108893+01:00] security.ERROR: Detected CSRF attack on /admin/object/save {"request":"/admin/object/save"} []
[2024-03-19T14:36:44.111242+01:00] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Detected CSRF Attack! Do not do evil things with pimcore ... ;-)" at CsrfProtectionHandler.php line 60 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException(code: 0): Detected CSRF Attack! Do not do evil things with pimcore ... ;-) at /app/vendor/pimcore/admin-ui-classic-bundle/src/Security/CsrfProtectionHandler.php:60)"} []
[2024-03-19T14:36:47.089810+01:00] security.ERROR: Detected CSRF attack on /admin/object/save {"request":"/admin/object/save"} []
[2024-03-19T14:36:47.092829+01:00] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Detected CSRF Attack! Do not do evil things with pimcore ... ;-)" at CsrfProtectionHandler.php line 60 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException(code: 0): Detected CSRF Attack! Do not do evil things with pimcore ... ;-) at /app/vendor/pimcore/admin-ui-classic-bundle/src/Security/CsrfProtectionHandler.php:60)"} []
[2024-03-19T14:36:53.996567+01:00] security.ERROR: Detected CSRF attack on /admin/object/save {"request":"/admin/object/save"} []
[2024-03-19T14:36:53.999008+01:00] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Detected CSRF Attack! Do not do evil things with pimcore ... ;-)" at CsrfProtectionHandler.php line 60 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException(code: 0): Detected CSRF Attack! Do not do evil things with pimcore ... ;-) at /app/vendor/pimcore/admin-ui-classic-bundle/src/Security/CsrfProtectionHandler.php:60)"} []
[2024-03-19T14:37:01.553223+01:00] security.ERROR: Detected CSRF attack on /admin/object/save {"request":"/admin/object/save"} []
[2024-03-19T14:37:01.559793+01:00] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Detected CSRF Attack! Do not do evil things with pimcore ... ;-)" at CsrfProtectionHandler.php line 60 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException(code: 0): Detected CSRF Attack! Do not do evil things with pimcore ... ;-) at /app/vendor/pimcore/admin-ui-classic-bundle/src/Security/CsrfProtectionHandler.php:60)"} []

Thanks

[manuelkleinert]

Try deleting the PHPSESSID in the cookies and logging in again

[kingjia90]

Might be related to #10740?

[valentin-]

Thanks, looks like it's related to that issue.