Invalid CSRF Token warnings


Invalid CSRF Token warnings appear in the logs, if portlet.url.anchor.enable=true is set in

User 20127 is not allowed to access URL http://localhost:8080/web/guest/home and portlet com_liferay_message_boards_web_portlet_MBPortlet: User 20127 did not provide a valid CSRF token for com.liferay.portlet.SecurityPortletContainerWrapper


  • Liferay DXP 7.2


This should be fixed in DXP 7.2 FP5+ (liferay-fixpack-dxp-5-7210) by LPS-109009.

If this specific error appears without setting the above property in, then the following action should solve the problem:

Delete the com.liferay.portal.upload.internal.configuration.UploadServletRequestConfiguration config file from the osgi/config folder and this row from the configuration_ table in the database, then manually set a higher value for "Overall Maximum Upload Request Size" in the "Control Panel → Configuration → System Settings → Infrastructure → Upload Servlet Request" section.
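
To check how widespread the warning quoted above is before and after applying the fix, the message can be parsed and grouped by portlet and user. This is an added example, not Liferay code: the regular expression is derived only from the single log line on this page, the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter, defaultdict

# Pattern derived from the one warning shown on this page (assumption: other
# occurrences of the warning use the same wording).
CSRF_WARNING = re.compile(
    r"User (?P<user>\d+) is not allowed to access URL (?P<url>\S+) "
    r"and portlet (?P<portlet>[^\s:]+): "
    r"User \d+ did not provide a valid CSRF token for (?P<origin>\S+)"
)

def parse_csrf_warnings(lines):
    """Return one dict (user, url, portlet, origin) per matching log line."""
    events = []
    for line in lines:
        match = CSRF_WARNING.search(line)
        if match:
            events.append(match.groupdict())
    return events

def summarize(events):
    """Count warnings per portlet and collect the distinct users per portlet.

    Heuristic (assumption): a portlet that fails for several distinct users
    is more likely a configuration issue than one user's stale session.
    """
    per_portlet = Counter(e["portlet"] for e in events)
    users = defaultdict(set)
    for e in events:
        users[e["portlet"]].add(e["user"])
    return per_portlet, dict(users)

MB = "com_liferay_message_boards_web_portlet_MBPortlet"
WRAPPER = "com.liferay.portlet.SecurityPortletContainerWrapper"
SAMPLE_LOG = [
    # Line quoted on this page
    "User 20127 is not allowed to access URL http://localhost:8080/web/guest/home "
    f"and portlet {MB}: User 20127 did not provide a valid CSRF token for {WRAPPER}",
    # Constructed lines for illustration
    "User 30001 is not allowed to access URL http://localhost:8080/web/guest/home "
    f"and portlet {MB}: User 30001 did not provide a valid CSRF token for {WRAPPER}",
    "Server startup completed",
]

if __name__ == "__main__":
    counts, users = summarize(parse_csrf_warnings(SAMPLE_LOG))
    for portlet, n in counts.most_common():
        print(f"{portlet}: {n} warnings, {len(users[portlet])} distinct users")
```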



