I can't turn on my machine because of Access Violation of CSRF

I just started using this Linode today. It's a little bit hassle because almost every menu that I go into, it always triggers the login page.

But my real problem now is, I can't able to Boot the virtual machine that I created and then it redirects me to this page that says

"Access violation
I'm sorry, but you've triggered our Cross-Site Request Forgery (CSRF) prevention measure.

Please don't use the back-button to resubmit an already-submitted form."

Any help, please?

3 Replies

We've often seen this issue from customers who are connecting to Linode Manager while using certain browser plugins, browser configurations, multiple concurrent browsers or connection devices, mobile hotspot or cellular connection, VPN, dynamic IPs, multiple proxies, or other services that frequently change the IP address you're logging in from.

Just to provide some background, Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious website, email, blog, instant message, or a program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. So you can see why frequently changing source IP addresses would trigger this issue from a browser.

For initial troubleshooting, you can try clearing your browser cache and cookies, trying different browsers, and trying different network connections if available to see if that resolves triggering CSRF prevention.

If you're unable to resolve the issue causing the CSRF prevention measures, we'd recommend using our API to accomplish the actions you're attempting instead of through Linode Manager. Here's our guide on using the API:

Getting Started with the Linode API

And here's our API documentation:

Linode APIv4 Documentation

Yes, I'm aware of CSRF.

But it looks too hassle anyway like you have to re-login again and again like almost every page that I'm going in inside the portal. In Azure and other cloud providers, I haven't experienced this even I'm using the same connection as I'm using today.

I hope there will some be updates soon regarding this kind of issue anyway.

Thank you for your response. I appreciate it.

Happy to help -- I updated my initial response with some additional troubleshooting measures to try out before resorting to the API.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct