“Uh oh! Your browser is blocking CSRF tokens!”
If you see this error message while using your PactSafe account, don't worry! The issue should be pretty simple to solve based on the browser that you use.
What are CSRF tokens? They are NOT related to the tokens you can include in your Contracts. CSRF stands for "Cross-Site Request Forgery" and is a type of exploit where someone can intercept calls your browser is making and change them without your knowledge. That's where CSRF tokens come in to save the day! Normally, your browser gets a valid _csrf secure cookie when you navigate to the site and we use it to make sure that every single call to PactSafe it coming from you. Learn more about CSRF style exploits here.
The “Uh oh! Your browser is blocking CSRF tokens!” message means that we couldn't verify the token stored in your browser. This is most likely caused by an advertisement or script-blocking plugin you may have installed. It can also be caused if browser is configured to prevent cookies from being sent and accessed.
If disabling your plugins did not solve the issue, here are some steps to update your browser's cookie settings.
- Open Chrome Settings.
- Scroll to the bottom and click on Advanced.
- In the Privacy and security section, click the Content Settings button.
- Click on Cookies.
- Next to Allow, click Add.
- Type [*.]pactsafe.com and click Add.
- Then type [*.]pactsafe.io and click Add.
- Under All cookies and site data, search for "pactsafe", and delete all PactSafe-related entries.
- Reload Chrome and log into PactSafe.
- Go to Firefox's Preferences -> Privacy & Security menu.
- In the History section, select Use custom settings for history from the drop-down menu.
- Click on Exceptions and whitelist https://app.pactsafe.com and https://pactsafe.io.
- Scroll down to Site Data and click on Settings next to it.
- Search for "pactsafe" and remove all shown entries.
- Reload Firefox and log into PactSafe.
Note: If this alone doesn't help, try enabling third-party cookies in the Use custom settings for history menu, mentioned in step 2.
- Open Safari Preferences from the drop-down menu in the navigation bar or by typing Cmd + , (⌘,).
- Click the Privacy tab and make sure that "Cookies and website data" is set to either "Always allow" or "Allow from websites I visit".
- Click on the Manage Website Data button to see all locally stored website data.
- Search for “pactsafe” and remove all Pactsafe-related entries.
- Reload Safari and log into PactSafe.
Tip: Temporarily switching browsers in the meantime often works as a workaround for this issue, too!
Did this help? If not, feel free to reach out by popping up a chat window or sending email to email@example.com.