Error while Ajax call?

ShahkhanSH · January 18, 2024, 1:18pm

Traceback (innermost last):
Module ZPublisher.WSGIPublisher, line 162, in transaction_pubevents
Module ZPublisher.WSGIPublisher, line 371, in publish_module
Module ZPublisher.WSGIPublisher, line 274, in publish
Module ZPublisher.mapply, line 85, in mapply
Module ZPublisher.WSGIPublisher, line 63, in call_object
Module customcontent.addon.browser.ajax.ajax_call, line 12, in call
Module plone.protect.authenticator, line 126, in check
Forbidden: Form authenticator is invalid.

This Error While making an Ajax call

dieter · January 18, 2024, 1:35pm

Shahkhan Sh via Plone Community wrote at 2024-1-18 13:28 +0000:

Traceback (innermost last):
...
Module plone.protect.authenticator, line 126, in check
Forbidden: Form authenticator is invalid.

Authenticator checks are a Plone measure to protect
against CSRF (= "Cross Site Request Forgery"):
If Plone generates a form, it automatically adds a hidden field
containing the currently valid authenticator value.
If you create the form yourself, you must do something similar.

zopyx · January 18, 2024, 1:41pm

Two options:

include the CSRF token in your form
disable the CSRF protection inside the handler which deals with the POST request

See docs: