Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Invalid CSRF Token warnings

Written By

Alexandra Rujzam

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

Invalid CSRF Token warnings appear in the logs, if portlet.url.anchor.enable=true is set in portal-ext.properties.

User 20127 is not allowed to access URL http://localhost:8080/web/guest/home and portlet com_liferay_message_boards_web_portlet_MBPortlet: User 20127 did not provide a valid CSRF token for com.liferay.portlet.SecurityPortletContainerWrapper

Environment

  • Liferay DXP 7.2

Resolution

This should be fixed in DXP 7.2 FP5+ (liferay-fixpack-dxp-5-7210) by LPS-109009.

If this specific error appears without setting the above property in portal-ext.properties, then the following action should solve the problem:

Delete com.liferay.portal.upload.internal.configuration.UploadServletRequestConfiguration​config file from osgi/config folder and this row from the configuration_ table in the database, then setting manually a higher value for "Overall Maximum Upload Request Size" in "Control Panel → Configuration → System Settings → Infrastructure → Upload Servlet Request" section.

 

 

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?