ANTIFORGERY_ID mismatch. Expecting {ISSUE_NUMBER_HERE}

[bst003]

I had set up this plugin for a client who is using an intranet and suddenly they are experiencing this error in certain circumstances.

They are sending out an internal word document that links to various pages on their intranet and when certain users click on the link inside the word document they are given the following error:

ANTIFORGERY_ID mismatch. Expecting {FD8FF6ED-D0BF-F319-D8BB-7711D5E68448}

We aren't using a plugin to force users to stay in, but I do have some functions set up to always redirect unlogged in visitors to the wp-login page, which then redirects them to the microsoft login page. We are currently running WordPress 5.7.2 and the plugin is on version 0.70.

[planet4]

I had the same issue. It is a problem how Word handles SSO and links. I did apply this regedit change and after it works perfect.

https://docs.microsoft.com/en-us/office/troubleshoot/office-suite-issues/cannot-locate-server-when-click-hyperlink

[psignoret]

@planet4 I'm curious, can you share more details about your site and your environment? Are you behind any proxies or firewalls, and is your site using TLS (https://, not http://`)?

[planet4]

@psignoret . It is the site https://work.white.se/. However it is not public so you wont be able to login. It is rinning Ubuntu and Apache. Self hosted. No proxies but is behind our firewall. Https.

[norehman]

I'm recently coming across this issue myself and wondering if there's anything I can do to fix? It's happening to random users and only occasionally? We're growing our site so keen to see if I can resolve. Here's the warning we're getting.

[psignoret]

@norehman Can you share details about your site installation?

[norehman]

I have the website set up to redirect to the wp-login.php page using:
`$actual_link = "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";

if ( !is_user_logged_in() ) {
wp_redirect( 'https://SITE-URL/wp-login.php?redirect_to=' . urlencode($actual_link) . '');
} else {
echo '';
}`

We have the plugin configured to automatically redirect to Azure AD.

Our install is on a windows based install:

Here's some exported server info:

--- User Browser ---

Platform: Windows
Browser Name: Chrome
Browser Version: 110.0.0.0
User Agent String: Mozilla/5.0 (Windows NT 10.0; Wi n64; x64) AppleWebKit/537.36 (KH TML, like Gecko) Chrome/110.0.0.0 Safari/537.36

--- WordPress Configurations ---

Version: 6.1.1
Language: en_GB
Permalink Structure: /tegory%/%postname%/
Active Theme: Trade 1.1.5
Page On Front: Home (#87)
Page For Posts: (#0)
ABSPATH: F:\inetpub\vhosts\[URL]\httpdocs/
All Posts/Pages: 8
WP Remote Post: wp_remote_post() works
WP_DEBUG: Disabled
WP Table Prefix: Length: 10, Status: Acceptable
Memory Limit: 40MB

--- Web Server Configurations ---

PHP Version: 7.4.33
MySQL Version: 5.5.5
Web Server Info: Microsoft-IIS/10.0

--- PHP Configurations ---

PHP Memory Limit: 256M
PHP Upload Max Size: 16M
PHP Post Max Size: 16M
PHP Upload Max Filesize: 16M
PHP Time Limit: 60
PHP Max Input Vars: 1000
PHP Arg Separator: &
PHP Allow URL File Open: Yes

--- Web Server Extensions/Modules ---

DISPLAY ERRORS: N/A
FSOCKOPEN: Your server supports fsockopen.
cURL: Your server supports cURL.
SOAP Client: Your server does not have the SOAP Client enabled.
SUHOSIN: Your server does not have SUHOSIN installed.
GD Library: PHP GD library is installed on your web server.
Mail: PHP mail function exist on your web server.
Exif: PHP Exif library is installed on your web server.

--- Session Configurations ---

Session: Disabled
Session Name: PHPSESSID
Cookie Path: /
Save Path: C:\Windows\Temp
Use Cookies: On
Use Only Cookies: On

[psignoret]

Is your site load-balanced across multiple servers?

[norehman]

Not load balanced, no.